53 matches found
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Plexus-utils (CVE-2017-1000487)
Summary Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending contents with double quoted strings, an attacker could exploit this vulnerability to execute arbitrary commands on the system...
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Apache Tomcat 7.099 (CVE-2020-13935)
Summary Apache Tomcat 7.099 is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an...
Security Bulletin: IBM Resilient OnPrem does not properly limit the number or frequency of pssword reset interactions
Summary IBM Resilient OnPrem does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests for password reset Vulnerability Details CVEID: CVE-2019-4532 DESCRIPTION: IBM Resilient OnPrem does not properly limit the number or...
Vulnerable domain identification
Identifying potentially vulnerable Exchange endpoints //usr/bin/env go run "$0" "$@"; exit "$?" package main import "metasploit/module" "msmail" "net" "strings" func main metadata := &module.Metadata Name: "Vulnerable domain identification", Description: "Identifying potentially vulnerable Exchan...
CVE-2011-0464
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors...
Code injection
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors...
CVE-2011-0464
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors...
CVE-2011-0464
The CVE-2011-0464 entry concerns Novell Vibe OnPrem 3.0 prior to Hot Patch 1, with a remote code execution vulnerability described as unspecified vectors. The NVD record assigns a CVSS v2 base score of 10.0 (HIGH) and indicates network attack with no authentication required, affecting confidentia...
CVE-2010-4322
Cross-site scripting XSS vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog aka What Are You Working On? field...
Cross site scripting
Cross-site scripting XSS vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog aka What Are You Working On? field...
CVE-2010-4322
CVE-2010-4322: A stored XSS in gwtTeaming.rpc of Novell Vibe OnPrem 3 BETA via the Micro Blog field; lack of input sanitization/output encoding allows remote authenticated users to inject script. Impact includes potential session cookie theft, session hijacking, and related abuse. Fixed in the fi...
CVE-2010-4322
Cross-site scripting XSS vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog aka What Are You Working On? field...
Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability
Title: Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability Risk CVSS2 Base Score: High 7.0 Solutionary ID: SERT-VDN-1002 CVE ID: CVE-2010-4322 Solutionary disclosure URL: http://www.solutionary.com/index/SERT/Vuln-Disclosures/Novell-Vibe-Beta-3-XSS-vulnerability.html Product: Vibe...