2290 matches found
CVE-2018-0408
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
CVE-2018-0408
Cisco Small Business 300 Series (Sx300) Managed Switches web UI is vulnerable to a reflected XSS due to insufficient input validation. An authenticated attacker could lure a user to click a crafted link, executing arbitrary script code in the UI context or accessing browser-based information. Aff...
CVE-2018-0407
Cisco Small Business 300 Series (Sx300) Managed Switches web-based management interface is vulnerable to persistent cross-site scripting (XSS) due to insufficient validation of user input. An authenticated, remote attacker could lure a user into clicking a crafted link, allowing arbitrary script ...
Cisco Small Business 300 Series Managed Switches Authenticated Reflected Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The...
Building a Profitable Security Services Offering Part 2 IT Security Features and Benefits Overview
Trend Micro is excited to partner with SPC International in this 5-part Blog, Webinar and Online Training Series, focused on Building a Profitable Security Services Offering for MSP Partners. Through the series, SPC will teach you a selling process of leading with security, steps in growing your...
IBM WebSphere MQ Managed File Transfer Information Disclosure Vulnerability
IBM WebSphere MQ is a messaging middleware product from IBM, USA. It provides a reliable and proven messaging backbone for Service Oriented Architecture (SOA). IBM WebSphere MQ Managed File Transfer is one of the tools used to manage file transfers in the system. A security vulnerability exists in I...
SC Media Awards Cb Defense, Cb ThreatSight 5 Out of 5 Stars
"During testing, Cb Defense performed as a top-quality endpoint security program…Great intuitive cloud platform with an armament of modern security technologies with a quick implementation into your business environment." - SC Media "Carbon Black also offers Cb ThreatSight as an add-on, which is...
CVE-2017-1795
IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042...
Security Bulletin: Incorrect certificate validation vulnerability in IBM MQ.NET Managed Client (CVE-2018-1543)
Summary IBM MQ Managed .NET Client could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. Vulnerability Details...
Can Your Managed Detection and Response Service Do This?
Submitted by Steve Duncan. Trend Micro has recently introduced its Managed Detection and Response Service to North America. This spring at the RSA show in San Francisco I had the chance to catch up with Jon Oltsik of ESG again to discuss our new offering and why we think the time is right. As...
Security Bulletin: Apache Commons FileUpload Vulnerabilities in IBM WebSphere MQ Managed File Transfer component (CVE-2016-1000031)
Summary The DiskFileItem class in Apache Commons Fileupload before 1.3.3, as used in IBM WebSphere MQ Managed File Transfer, specifically the Web Gateway component, allows remote attackers to execute arbitrary code under current context of the current process causing an undefined behavior...
Security Bulletin: IBM WebSphere MQ and IBM MQ Managed File Transfer is affected by an undefined behavior because of insecure file permission vulnerability (CVE-2017-1699)
Summary IBM WebSphere MQ and IBM MQ Managed File Transfer create certain files during startup. The file permissions set on those files are not secure allowing local attacks. This could lead to undefined behavior or remove any pending managed file transfers from an agent. Vulnerability Details...
Security Bulletin: A security vulnerability has been identified in WebSphere MQ shipped with WebSphere Remote Server (CVE-2013-0248)
Summary WebSphere MQ is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere MQ has been published in a security bulletin. Vulnerability Details For vulnerability details, see the security bulletin Apache Commons FileUpload vulnerabilit...
Security Bulletin: Apache Commons FileUpload vulnerability affects IBM WebSphere MQ Managed File Transfer (CVE-2013-0248)
Summary A vulnerability in Apache Commons FileUpload component potentially affects IBM WebSphere MQ Managed File Transfer. Vulnerability Details CVEID: CVE-2013-0248 DESCRIPTION: Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created...
Building a Profitable Security Services Offering
Security is the number one concern of business owners today. This isn’t surprising, with all of the hacks, breaches, data thefts, ransomware attacks and privacy violations that we hear about on a daily basis. And those are just the ones we know about – according to the Online Trust Alliance’s (OTA)...
CVE-2018-1583
IBM StoredIQ 7.6 could allow an authenticated attacker to bypass certain security restrictions. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to access and manipulate documents on StoredIQ managed data sources. IBM X-Force ID: 143331...
Apache Solr 6.x < 6.6.4 and 7.x < 7.3.1 XXE Vulnerability (SOLR-12316) - Linux
Apache Solr is prone to an XML external entity (XXE) expansion vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Xxe
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerability...
Phoenix Contact managed FL SWITCH information disclosure vulnerability
Phoenix Contact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications in industries such as communications, critical manufacturing and information technology. An information disclosure vulnerability exists in Phoenix Contact...