39 matches found
CVE-2018-1878
IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. IBM X-Force ID: 151714...
CVE-2018-1878
CVE-2018-1878 affects IBM Robotic Process Automation with Automation Anywhere (11.0). The root cause is an information disclosure in web requests that could reveal sensitive data to an attacker, enabling future attacks. Affected version: 11.0.0.1. Remediation: upgrade to IBM Robotic Process Autom...
Security Bulletin: IBM Robotic Process Automation could disclose sensitive information in a web request (CVE-2018-1878)
Summary: IBM Robotic Process Automation could disclose sensitive information in a web request that could aid in future attacks against the system. Vulnerability Details: CVEID: CVE-2018-1878. DESCRIPTION: IBM Robotic Process Automation could disclose sensitive information in a web request that could...
Information disclosure
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719...
CVE-2017-1509
IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719...
Design/Logic Flaw
IBM Jazz Foundation IBM Rational Collaborative Lifecycle Management 5.0 and 6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970...
Internet Security Threats at the Olympics
There are a lot: The cybersecurity company McAfee recently uncovered a cyber operation, dubbed Operation GoldDragon, attacking South Korean organizations related to the Winter Olympics. McAfee believes the attack came from a nation state that speaks Korean, although it has no definitive proof tha...
BACKSWING - Pulling a BADRABBIT Out of a Hat
Executive Summary: On Oct. 24, 2017, coordinated strategic web compromises started to distribute BADRABBIT ransomware to unwitting users. FireEye appliances detected the download attempts and blocked our user base from infection. During our investigation into the activity, FireEye identified a...
CVE-2016-2971
IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive information in stack trace error logs that could aid an attacker in future attacks. IBM X-Force ID: 113898...
Masscan Port Scanner
Masscan is a port scanning product. Use of this product might indicate an attempt to collect data regarding the target network, and use it for future attacks...
FloosieTek FTGatePro 1.2 WebAdmin Interface Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/8578/info A weakness has been reported in the FTGatePro WebAdmin Interface that could allow an unauthorized user to gain sensitive information. The problem is believed to occur due to insufficient access controls put in...
CuteNews 1.3 Debug Query Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the...
Apache 0.8.x/1.0.x, NCSA httpd 1.x test-cgi Directory Listing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2003/info NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin. This script does not properly enclose an ECHO command in quotes, and as a result shell expansion of the character ca...
Killer Protection 1.0 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5905/info The Killer Protection PHP script is prone to an information-disclosure issue. Reportedly, unauthorized users can access sensitive user data by requesting the 'vars.inc' file in a malicious HTTP request. Exploiti...
Meetup.com Back Online After DDoS Attacks, Extortion
Social networking site Meetup.com is finally back online today, yet officials at the site are warning it could still face future outages following a series of sustained distributed denial of service attacks (DDoS) over the weekend. Meetup is a social networking portal that allows individuals with...
Drag and drop loading of privileged XUL — Mozilla
A malicious page that could lure a user into dragging something such as a fake scrollbar can bypass the restriction on opening privileged XUL. The startup scripts in the XUL will run with enhanced privilege, though the actions taken upon merely opening most XUL are benign. So far no way to run...
FloosieTek FTGatePro 1.2 - WebAdmin Interface Information Disclosure
FloosieTek FTGatePro 1.2 - WebAdmin Interface Information Disclosure source: https://www.securityfocus.com/bid/8578/info A weakness has been reported in the FTGatePro WebAdmin Interface that could allow an unauthorized user to gain sensitive information. The problem is believed to occur due to...
Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure
source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is...