45 matches found
HEUR.Backdoor.Win32.Generic Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/f2b5429feaa7d229418cf499ce5f5822.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HEUR.Backdoor.Win32.Generic Vulnerability: Unauthenticated Open Proxy Description: The malware liste...
Design/Logic Flaw
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...
Design/Logic Flaw
IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...
Security Bulletin: Vulnerabilities in WebSphere Application Server
Summary There are vulnerabilities in WebSphere Application Server used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2018-1902 DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to spoof connection information which could ...
Pulse Connect Secure and Policy Secure CVE-2019-11509 Access Bypass Vulnerability
Description Pulse Connect Secure and Policy Secure are prone to an access-bypass vulnerability. An attacker can exploit this issue to execute arbitrary code and perform unauthorized actions; this may aid in launching further attacks. The following products are vulnerable: Pulse Connect Secure 9.0RX, 8.3RX...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2018-1902)
Summary IBM WebSphere Application Server is shipped as a component of IBM ILOG ODM Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details CVEID: CVE-2018-1902 DESCRIPTION: IBM WebSphere...
Design/Logic Flaw
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click...
Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint
Summary Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system...
Design/Logic Flaw
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...
CVE-2017-1516
IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the...
Xen Information Disclosure Vulnerability (CNVD-2017-06979)
Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has an information disclosure...
Pivotal GemFire for PCF Unauthorized Access Vulnerability
GemFire for PCF is a distributed management platform designed by Pivotal for many different data management situations, but is particularly useful for high-volume, latency-sensitive, mission-critical transactional systems. An unauthorized access vulnerability exists in Pivotal GemFire for PCF. An...
Multiple Unify Product Information Disclosure Vulnerabilities
Unify is a leading communications software and services company in China. OpenScape and HiPath are the Unify suite of solutions for enterprise unified communications. An information disclosure vulnerability exists in multiple Unify products, which can be exploited by attackers to obtain sensitive...
CruxCMS 3.0 'search.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27588/info CruxCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
KindEditor - name Cross-Site Scripting
source: https://www.securityfocus.com/bid/55172/info KindEditor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of...
Classified Script - c-BrowseClassified Cross-Site Scripting
source: https://www.securityfocus.com/bid/48564/info Classified Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrar...
MyBloggie 2.1.6 - HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/48317/info myBloggie is prone to SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...
encoder 0.4.10 - 'edit.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47755/info encoder is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
WordPress Plugin BackWPup 1.4 - Multiple Information Disclosure Vulnerabilities
source: https://www.securityfocus.com/bid/46610/info The BackWPup plugin for WordPress is prone to multiple information-disclosure vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to retrieve the contents of an arbitrary file. Informati...
PG Matchmaking - 'services.php?show' Cross-Site Scripting
source: https://www.securityfocus.com/bid/35808/info PG Matchmaking is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...