
3542 matches found

Cvelist
added 2014/11/14 12:0 a.m., 29 views

CVE-2014-7878

The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys fo...

AI score 7.6 | EPSS 0.10349
Exploits 0 | References 2
CVE
added 2014/11/14 12:0 a.m., 34 views

CVE-2014-7878

The CVE-2014-7878 issue affects HP Helion Cloud Development Platform 1.0: the Application Lifecycle Service (ALS) Seed Node image contains identical security keys across different customer installations, enabling a remote attacker with a VM derived from the Seed Node image to connect to other VMs...

CVSS 10 | AI score 7.9 | EPSS 0.10349
Exploits 0 | References 2 | Affected Software 1
ThreatPost
added 2014/09/24 3:31 p.m., 16 views

As Bug Bounties Become the Norm, Challenges Remain

SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...

AI score 7.2
Exploits 0 | References 2
ThreatPost
added 2014/09/23 8:53 a.m., 57 views

Charney on Trustworthy Computing: 'I Was the Architect of These Changes'

Scott Charney, the head of Microsoft’s Trustworthy Computing efforts, said that he was the one who decided it was time to move the TwC group in a new direction and integrate the security functions more deeply into the company as a whole. “I was the architect of these changes. This is not about th...

CVSS 9.3 | AI score 0.6 | EPSS 0.99945
Exploits 33 | References 2
NVD
added 2014/09/12 1:55 a.m., 19 views

CVE-2014-3092

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

CVSS 5 | AI score 6.1 | EPSS 0.01667
Exploits 0 | References 2
Prion
added 2014/09/12 1:55 a.m., 19 views

Session fixation

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

CVSS 5 | AI score 6.7 | EPSS 0.01667
Exploits 0 | References 2 | Affected Software 7
CVE
added 2014/09/12 1:0 a.m., 55 views

CVE-2014-3092

CVE-2014-3092 affects IBM Jazz Team Server-based products (e.g., Rational CLM suite, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) where the session cookie is not marked Secure in HTTPS, enabling potential cookie leakage over HTTP. The root cause is the cookie’s missing Secure flag during SSL s...

CVSS 5 | AI score 6.2 | EPSS 0.01667
Exploits 0 | References 2 | Affected Software 7
Cvelist
added 2014/09/12 1:0 a.m., 23 views

CVE-2014-3092

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

AI score 6.1 | EPSS 0.01667
Exploits 0 | References 2
NVD
added 2014/09/10 10:55 a.m., 22 views

CVE-2014-3037

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager...

CVSS 6 | AI score 6.1 | EPSS 0.00783
Exploits 0 | References 5
Prion
added 2014/09/10 10:55 a.m., 21 views

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager...

CVSS 6 | AI score 6.4 | EPSS 0.00783
Exploits 0 | References 5 | Affected Software 3
CVE
added 2014/08/12 12:0 a.m., 43 views

CVE-2014-2631

CVE-2014-2631 affects HP Application Lifecycle Management / Quality Center 11.5x and 12.0x. The root cause is a DLL planting elevation-of-privilege flaw in ACLs on a specific installed directory, enabling a remote attacker with an unprivileged account to place a malicious DLL and trigger code exe...

CVSS 4.6 | AI score 6.7 | EPSS 0.00554
Exploits 0 | References 2 | Affected Software 1
Zero Day Initiative
added 2014/08/12 12:0 a.m., 31 views

Hewlett-Packard Application Lifecycle Manager DLL Planting Elevation of Privilege Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard's Application Lifecycle Management. This vulnerability requires the attacker to have an unprivileged account on the Application Lifecycle Management System. The specific flaw exists...

CVSS 6.8 | AI score 7 | EPSS 0.00554
Exploits 0 | References 1
securityvulns
added 2014/08/11 12:0 a.m., 74 views

[security bulletin] HPSBMU03085 rev.1 - HP Application Lifecycle Management / Quality Center, Elevation of Privilege

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04394553 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04394553 Version: 1 HPSBMU03085 rev....

CVSS 4.6 | AI score 0.1 | EPSS 0.00554
Exploits 0
securityvulns
added 2014/08/11 12:0 a.m., 35 views

HP Application Lifecycle Management / Quality Center privilege escalation

No description provided...

CVSS 4.6 | AI score 1.7 | EPSS 0.00554
Exploits 0 | References 1 | Affected Software 1
ThreatPost
added 2014/07/22 9:0 a.m., 10 views

Third-Party Software Library Risks Scrutinized at Black Hat

Enterprise application developers are under real pressures to push projects out the door quickly and cheaply, and each new version certainly has to be better than the last. This forces them to make decisions that, at a minimum, improve efficiency—and also introduce additional risks. Of particular...

AI score 7.3
Exploits 0 | References 1
seebug.org
added 2014/07/01 12:0 a.m., 14 views

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

AI score 6.7
Exploits 0
Cvelist
added 2014/04/30 2:0 p.m., 27 views

CVE-2014-3129

The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...

AI score 6 | EPSS 0.02275
Exploits 0 | References 6
NVD
added 2014/04/16 6:37 p.m., 16 views

CVE-2011-0993

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

CVSS 2.1 | AI score 5.8 | EPSS 0.00369
Exploits 0 | References 2
Prion
added 2014/04/16 6:37 p.m., 21 views

Information disclosure

SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors...

CVSS 2.1 | AI score 6.2 | EPSS 0.00369
Exploits 0 | References 2 | Affected Software 1
CVE
added 2014/04/16 6:0 p.m., 53 views

CVE-2011-0993

SUSE Lifecycle Management Server is affected by CVE-2011-0993: before version 1.1, it uses world-readable PostgreSQL credentials, allowing local users to obtain sensitive information via unspecified vectors. The impact is information disclosure; no exploit details are provided in the connected do...

CVSS 2.1 | AI score 5.9 | EPSS 0.00369
Exploits 0 | References 2 | Affected Software 1