EUVD-2016-0258

Malware in sbrugna...

Description of 2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2

Describes 2007 Microsoft Office servers Service Pack 2 SP2 and 2007 Microsoft Office servers Language Pack Service Pack 2 SP2. This includes a complete list of the improvements that SP2 provides.INTRODUCTIONThe 2007 Microsoft Office servers Service Pack 2 SP2 package gives customers the latest...

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Forms Server (CVE-2016-3092 )

Summary An Apache Commons FileUpload vulnerability for handling string edge case was addressed by IBM Forms Server. Vulnerability Details CVEID: CVE-2016-3092 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending...

Security Bulletin: IBM Forms Server may be affected by an Apache Xerces-C XML Parser library vulnerability (CVE-2016-0729, CVE-2016-4463)

Summary An IBM Form XFDL document that contains a specially crafted mark-up could crash IBM Forms Server. This may expose a vulnerability in its use of the Apache Xerces-C XML Parser library. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable ...

Security Bulletin: IBM Forms Server vulnerability identified in Webform Server (CVE-2016-0223)

Summary IBM Forms Server's Webform Framework API is vulnerable to cross-site scripting when a specifically-crafted URL is used within the web browser. Vulnerability Details CVEID: CVE-2016-0223 DESCRIPTION: IBM Forms Server is vulnerable to cross-site scripting, caused by improper validation of...

Security Bulletin: Vulnerability in Apache Commons Collections affects IBM Forms Server (CVE-2015-7450)

Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Forms Server. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

Security Bulletin: IBM Forms Experience Builder is affected by a Dojo Toolkit vulnerability (CVE-2014-8917)

Summary IBM Forms Experience Builder uses the Dojo Toolkit which has a known cross-site scripting XSS vulnerability. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...

Cross site scripting

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

Cross-site scripting XSS vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006...

CVE-2016-0223

CVE-2016-0223 affects IBM Forms Server (Webform Framework API) on 4.0., 8.0. , 8.1, 8.2. The vulnerability arises from improper validation of user-supplied input, allowing a remote attacker to execute arbitrary script via a specially crafted URL, i.e., a cross-site scripting (XSS) flaw. Impact in...

IBM Forms Server Cross-Site Scripting Vulnerability

IBM Forms Server is the United States IBM's set of scalable document-based form application of electronic form automation software. A cross-site scripting vulnerability exists in IBM Forms Server that stems from the program's failure to adequately filter user-submitted input. An attacker could...

XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke

Hello, Microsoft recently published MS11-074. This bulletin concerns mainly SharePoint 2007 and 2010 but CVE-2011-1892 applies too to Office Groove client and server, Office Forms Server 2007 and Office Web Apps 2010. The vulnerability is a "XML External Entity Reference" one, as described in...

Security Update for Microsoft Office Forms Server 2007 (KB2553005), 64-bit Edition

A security vulnerability exists in Microsoft Microsoft Office Forms Server 2007, 64-bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...