Security Bulletin: IBM QRadar SIEM is vulnerable to clear text passwords. (CVE-2016-2871)
Summary: Some passwords in IBM QRadar SIEM were found in configuration files in clear text. Vulnerability Details: CVE-ID: CVE-2016-2871. Description: IBM QRadar stores passwords in clear text in configuration files, which could allow a local user to obtain critical sensitive information and gain...
Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting. (CVE-2016-2869)
Summary: Cross-Site Scripting was found in various fields in the QRadar UI. Vulnerability Details: CVE-ID: CVE-2016-2869. Description: IBM QRadar is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a...
McAfee VirusScan Enterprise < 8.8 Patch 13 Privilege Escalation Vulnerability (SB10237)
The version of McAfee VirusScan Enterprise (VSE) installed on the remote Windows host is prior to 8.8 Patch 13. It is, therefore, affected by a privilege escalation vulnerability. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(110272); script_version("1.6");...
CVE-2018-6674
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with...
Privilege escalation
Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with...
CVE-2018-6674
The CVE-2018-6674 issue affects McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13, specifically the McTray.exe component. The root cause is privilege escalation through the ability to spawn unrelated processes with elevated privileges when McTray.exe is granted elevated privileges by the sy...
SQL injection
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection...
EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection
Title: EMC xDashboard - SQL Injection Vulnerability; Author: Pawel Gocyla; Date: 02 January 2018; CVE: CVE-2017-14960. Affected Software: EMC xPression v4.5SP1 Patch 13. Probably other versions are also vulnerable. SQL Injection Vulnerability: This...
EMC xPression 4.5SP1 Patch 13 SQL Injection Vulnerability
Exploit for multiple platform in category web applications. Title: EMC xDashboard - SQL Injection Vulnerability; Author: Pawel Gocyla; Date: 02 January 2018; CVE: CVE-2017-14960. Affected Software: EMC xPression v4.5SP1 Patch 13. Probably other versions are also vulnerable. SQL...
Cross-site scripting
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment catid...
XXE
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory...
CVE-2017-14755
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 is vulnerable to Cross-Site Scripting via /xAdmin/html/XPressoDoc with the categoryId parameter. The CNVD entry confirms a remote attacker can inject arbitrary JavaScript to be reflected to users, ena...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Vulnerability
Exploit for jsp platform in category web applications. Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection; Author: Marcin Woloszyn; Date: 27. September 2017; CVE: CVE-2017-14757. Affected Software: OpenText Document Sciences xPressio...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Vulnerability
Exploit for jsp platform in category web applications. Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection; Author: Marcin Woloszyn; Date: 27. September 2017; CVE: CVE-2017-14758. Affected Software: OpenText Document Sciences xPressio...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection
Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection; Author: Marcin Woloszyn; Date: 27. September 2017; CVE: CVE-2017-14757. Affected Software: OpenText...
OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection Vulnerability
Exploit for java platform in category web applications. Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection; Author: Marcin Woloszyn; Date: 27. September 2017; CVE: CVE-2017-14758. Affected Software: OpenText Document Sciences xPressi...
OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection Vulnerability
OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from a remote SQL injection vulnerability in the doclist functionality. Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection; Author: Marcin Woloszyn; Date: 27. September 2017; CVE:...
OpenText Document Sciences xPression 4.5SP1 Patch 13 Arbitrary File Read Vulnerability
Exploit for java platform in category web applications. Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - Arbitrary File Read; Author: Marcin Woloszyn; Date: 27. September 2017; CVE: CVE-2017-14754. Affected Software: OpenText Document Sciences...
OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection
Title: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) - SQL Injection; Author: Marcin Woloszyn; Date: 27. September 2017; CVE: CVE-2017-14757. Affected Software: OpenText Document Sciences xPression (formerly EMC Document Sciences xPression). Exploit was...