
2290 matches found

IBM Security Bulletins
added 2018/10/15 5:10 a.m. | 17 views

Security Bulletin: Password disclosure via trace log vulnerability in IBM MQ Managed File Transfer (CVE-2017-1795)

Summary Trace files generated by IBM MQ Managed File Transfer commands display passwords in plain text. Vulnerability Details CVEID: CVE-2017-1795 DESCRIPTION: IBM MQ Managed File Transfer could allow a local user to obtain highly sensitive information via trace log files generated by its command...

4.4 CVSS | 0.3 AI score | 0.00356 EPSS
Exploits: 0 | Affected Software: 1
Prion
added 2018/10/05 2:29 p.m. | 17 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected system. The vulnerability exists because the affect...

4.3 CVSS | 5.9 AI score | 0.00801 EPSS
Exploits: 0 | References: 1 | Affected Software: 27
CVE
added 2018/10/05 2:0 p.m. | 77 views

CVE-2018-0465

Cisco Small Business 300 Series Managed Switches have a cross-site scripting (XSS) vulnerability in the web-based management interface due to insufficient validation of user input. An unauthenticated, remote attacker could lure a user into clicking a malicious link, leading to execution of arbitr...

6.1 CVSS | 5.9 AI score | 0.00801 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedHat Linux
added 2018/10/02 7:1 p.m. | 96 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 8 director security and bug fix update

An update for instack-undercloud and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 8.0 Liberty director. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

7.5 CVSS | 7 AI score | 0.8864 EPSS
Exploits: 3 | References: 9
Microsoft KB
added 2018/09/27 12:0 a.m. | 5 views

September 28, 2017—KB4038801 (OS Build 14393.1737)

September 28, 2017—KB4038801 OS Build 14393.1737 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Updated the BitLocker.psm1 PowerShell script to not log passwords when logging is enabled...

7.1 AI score
Exploits: 0
Microsoft KB
added 2018/09/27 12:0 a.m. | 32 views

August 23, 2016 — KB3176934 (OS Build 14393.82)

August 23, 2016 — KB3176934 OS Build 14393.82 This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Network Controller, DNS server, gateways, Storage Spaces Direct, Group Managed Service...

6.8 AI score
Exploits: 0
Carbon Black Blog
added 2018/09/25 1:0 p.m. | 53 views

Partner Perspectives: Siemplify & Carbon Black Create Competitive Solution for MSSPs

Meny Har is the VP of Product for Siemplify. Advanced threats and an ever-evolving competitive landscape have created an increased demand for managed security services. Organizations of all sizes are turning to managed security services providers MSSPs to help them to effectively manage their...

Exploits: 0
Prion
added 2018/09/21 1:29 p.m. | 14 views

Authentication flaw

An authentication bypass flaw was found in the smartproxydynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context...

10 CVSS | 9.7 AI score | 0.06007 EPSS
Exploits: 0 | References: 4
Japan Vulnerability Notes
added 2018/09/13 12:0 a.m. | 523 views

JVN#68528150: Multiple FXC network devices vulnerable to cross-site scripting

Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability CWE-79. Impact If an attacker with administrative rights logs in the Management GUI and embeds a specially crafted script, then that script may be executed on another administrator's web browser...

4.8 CVSS | 5 AI score | 0.00523 EPSS
Exploits: 0
Microsoft KB
added 2018/09/11 7:0 a.m. | 82 views

Description of the security update for SharePoint Enterprise Server 2013: September 11, 2018

Description of the security update for SharePoint Enterprise Server 2013: September 11, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities,...

5.4 CVSS | 7.1 AI score | 0.02253 EPSS
Exploits: 0
NVD
added 2018/09/10 3:29 p.m. | 29 views

CVE-2016-7071

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

9 CVSS | 8.9 AI score | 0.02197 EPSS
Exploits: 0 | References: 2
Packet Storm
added 2018/08/27 12:0 a.m. | 62 views

HP Jetdirect Path Traversal Arbitrary Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule 'HP Jetdirect Path Traversal Arbitrary Code Execution', 'Description' = %q The module exploits a path traversal via...

10 CVSS | 0.6 AI score | 0.84886 EPSS
Exploits: 6
Exploit DB
added 2018/08/27 12:0 a.m. | 56 views

HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule 'HP Jetdirect Path Traversal Arbitrary Code Execution', 'Description' = %q The module exploits a path traversal via...

10 CVSS | 7.4 AI score | 0.84886 EPSS
Exploits: 6
Microsoft KB
added 2018/08/22 12:0 a.m. | 4 views

April 18, 2017—KB4015553 (Preview of Monthly Rollup)

April 18, 2017—KB4015553 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of Monthly Rollup KB4015550 released April 11, 2017 and also includes these new quality improvements as a preview of the next Monthly Rollup update:...

6.8 AI score
Exploits: 0
Carbon Black Blog
added 2018/08/21 7:16 p.m. | 42 views

Partner Perspectives: Extend Visibility Without Expanding Your Team

The best partnerships seem destined from the start - Han Solo and Chewbacca, Mario and Luigi - even newer partners, like Groot and Rocket. The best partners combine their strengths to expand the opportunities available to them. This is true of partnerships in cybersecurity stay with us here. Bett...

Exploits: 0
Kitploit
added 2018/08/19 9:19 p.m. | 20 views

CloudSploit Scans - AWS Security Scanning Checks

CloudSploit scans is an open-source project designed to allow detection of security risks in an AWS account. These scripts are designed to run against an AWS account and return a series of potential misconfigurations and security risks. Installation Ensure that NodeJS is installed. If not, instal...

7 AI score
Exploits: 0 | References: 2
Packet Storm
added 2018/08/13 12:0 a.m. | 24 views

Switch Port Mapping Tool 2.81.2 Denial Of Service

Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovey Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download/spm2812.zip...

0.2 AI score
Exploits: 0
Trend Micro Simply Security
added 2018/08/10 2:56 p.m. | 61 views

This Week in Security News: Hijacks and Healthcare

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, Singapore looks into the effectiveness of virtual browsers in an attempt to reduce cyberattacks on healthcare systems. Also, cybercriminals...

0.8 AI score
Exploits: 0
ThreatPost
added 2018/08/03 5:6 p.m. | 17 views

ThreatList: SMB Security Challenges Grow with the Cloud

Firewall and network security is the No. 1 concern when it comes to small- and medium-sized business SMB security, according to research, particularly as they begin to move more and more of their mission-critical infrastructure to the cloud. However, preparing for increasing security threats...

7.1 AI score
Exploits: 0 | References: 4
Prion
added 2018/08/01 8:29 p.m. | 24 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

3.5 CVSS | 5.3 AI score | 0.00678 EPSS
Exploits: 0 | References: 2 | Affected Software: 28