CVE-2013-6732
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
XXE
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is no...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter...
CVE-2013-6732
IBM Cognos BI Server is affected by CVE-2013-6732, a reflective cross-site scripting (XSS) vulnerability. An unsanitized input parameter can be exploited by tricking a user into clicking a crafted link to inject arbitrary script/HTML. Affected versions: Cognos BI 8.4.1; 10.1 before IF6; 10.1.1 be...
CVE-2014-0861
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is no...
Schneider Electric Wonderware Intelligence Security Patch for OpenSSL Vulnerability
OVERVIEW Schneider Electric Wonderware’s Cyber Security Team has identified an OpenSSL Heartbleed vulnerability in the Wonderware Intelligence application, caused by a third-party component. Schneider Electric Wonderware has produced a patch that mitigates this vulnerability. This vulnerability...
New IE Zero Day Found Targeting Military Intelligence
Attackers were able to compromise the U.S. Veterans of Foreign Wars’ website this week and serve up a previously unknown zero day exploit in Internet Explorer 10, and while motivation behind the campaign is still unclear, experts are speculating its aim was to procure military intelligence...
Tableau Server < 8.0.7 / < 8.1.2 - Blind SQL Injection
Trustwave's SpiderLabs Security Advisory TWSL2014-003: Blind SQL Injection Vulnerability in Tableau Server Published: 02/07/14 Version: 1.1 Vendor: Tableau Software http://www.tableausoftware.com Product: Tableau Server Versions affected: 8.1.X before 8.1.2 and 8.0.X before 8.0.7. Not present in...
'Chaos Computer Club' filed criminal complaint against German government Over Mass Spying
After the revelations of former NSA contractor Edward Snowden, we all knew very well their impact on the world, but nobody would have estimated that the impact would be so bad. The revelations not only defaced the NSA, but also its counterpart GCHQ, and various other governments which were servin...
Navy's Cyberwar Expert - New Director of NSA, replacing Gen. Keith Alexander
It is very clear that when we talk about intelligence and surveillance, the first name that comes to mind is the U.S. National Security Agency (NSA), and the second is Gen. Keith Alexander, the Director of the NSA... the GEEK behind the massive surveillance programs. Many documents revealed by the former NSA’s...
Senators Question Intelligence Officials About Snowden, Domestic Surveillance
In a hearing before the Senate Intelligence Committee to discuss the public portions of a new national security threat assessment, top intelligence and law enforcement officials said that attacks against financial networks and the critical infrastructure are major threats to the United States’...
Crypto Pioneers Write Letter on NSA Surveillance to Obama
Perhaps the biggest condemnation of President Obama’s address last Friday announcing reforms to the NSA’s surveillance programs was his failure to mention any of the agency’s alleged involvement in subverting cryptography standards and the impact that has had on the trustworthiness of products...
Oversight Board Calls NSA Metadata Collection Illegal
Another independent review board investigating the National Security Agency’s collection of phone records metadata has come down hard on the program, calling it illegal, recommending the government end the program, and questioning its effectiveness in ferreting out terrorists. The Privacy and Civ...
Infamous hacker "Guccifer" arrested in Romania; charged with multiple cyber crimes
"Guccifer", the infamous hacker who was responsible for breaching the social media and email accounts of numerous high-profile US and Romanian politicians, has been arrested in Romania. Romanian authorities collaborated with US services to catch him and the officers of the Directorate for Investigating...
23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware
Previous reports from cyber intelligence firm 'IntelCrawler' named Sergey Tarasov, a 17-year-old teenager behind the nickname "ree4", as the developer of BlackPOS malware. BlackPOS, also known as "reedum" or 'Kaptoxa', is an effective crimeware kit, used in the massive heist of possibly 110...
The NSA, Obama and Straw Men
For the people expecting President Barack Obama to announce sweeping changes to the NSA’s surveillance programs, his speech on Friday likely was a major disappointment. Obama laid out some new controls and limits for some of the more controversial programs, specifically the phone metadata...
More details about alleged 17-year-old Russian BlackPOS Malware Author released
Security experts at IntelCrawler provided an interesting new update on the BlackPOS malware author: he forgot to delete his social networking profile even after the last exposure by the investigators. As we reported a few days ago, the intelligence firm IntelCrawler has identified a...
Metadata Program 'Not Uniquely Valuable'
In a mostly friendly and non-confrontational hearing on Tuesday, members of the Senate Judiciary Committee spent a couple of hours talking to members of the White House-appointed NSA review board about the extent of the agency’s surveillance and the panel’s recommendations for reform. The hearing...