Security Bulletin: A security vulnerability has been identified in IBM Java SDK shipped with IBM Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS (CVE-2015-4872)

Summary IBM Java SDK is shipped as a component of IBM Data Studio, InfoSphere Data Architect, InfoSphere Optim Query Workload Tuner for Linux, UNIX and Windows, and InfoSphere Optim Query Workload Tuner for z/OS. Information about a security vulnerability affecting IBM Java SDK has been published...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)

Summary There are multiple vulnerabilities in IBMｮ Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console DSWC. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVE-ID: CVE-2014-6593...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2014-6558, CVE-2014-3068)

Summary There are multiple vulnerabilities in IBM SDK Java™ Technology Edition, Versions 7 Service Refresh 7 Fix Pack 1, 7R1 Service Refresh 1 Fix Pack 1, 6 Service Refresh 16 Fix Pack 1, and earlier releases that are used by various Optim data server tools desktop products. These issues were...

One-Lin3r v1.1 - Gives You One-Liners That Aids In Penetration Testing Operations

One-Lin3r is simple and light-weight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aids in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...

DEBIAN-CVE-2018-10360

The docorenote function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted ELF file...

AdTego SiteIntel - AdBlocker Detect - Critical - Unsupported - SA-CONTRIB-2018-039

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466...

Sharesniffer - Network Share Sniffer And Auto-Mounter For Crawling Remote File Systems

sharesniffer is a network analysis tool for finding open and closed file shares on your local network. It includes auto-network discovery and auto-mounting of any open cifs and nfs shares. How to use Example to find all hosts in 192.168.56.0/24 network and auto-mount at /mnt: python sniffshares.p...

Unspecified Vulnerability in SAP Note Assistan

SAP Note Assistant is a tool to help automate the import of changes in SAP Notes, a document created by a developer who finds a bug in an ABAP program that describes the problem and the associated program modification code. An unspecified vulnerability exists in SAP Note Assistant. An attacker...

DEBIAN-CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery

MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery Exploit Title: MyBB Admin Notes Plugin - CSRF Date: 2018-05-14 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1...

Synology Note Station Cross-Site Scripting Vulnerability

Synology Note Station is a cloud-based note management platform from Synology. A cross-site scripting vulnerability exists in SYNO.NoteStation.Note in Synology Note Station versions prior to 2.5.1-0844. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML with th...

Synology Note Station Attachment Preview Cross-Site Scripting Vulnerability

Synology Note Station is a cloud-based note management platform from Synology, and Attachment Preview is one of the attachment preview feature components. A cross-site scripting vulnerability exists in Attachment Preview in Synology Note Station 2.5.1-0844 and prior versions. A remote attacker ca...

CVE-2018-8912

Cross-site scripting XSS vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commitmsg parameter...

CVE-2018-8911

Cross-site scripting XSS vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

CVE-2018-8911

Cross-site scripting XSS vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

CVE-2018-8912

Cross-site scripting XSS vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commitmsg parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

Cross site scripting

Cross-site scripting XSS vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commitmsg parameter...

CVE-2018-8912

Cross-site scripting XSS vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commitmsg parameter...

CVE-2018-8911

Cross-site scripting XSS vulnerability in Attachment Preview in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...