128 matches found
Veeam Availability Console v3 Patch 2 (build 2725)
Challenge: Veeam Availability Console v3 Patch 2 build 2725. This update supersedes Veeam Availability Console v3 Patch 1 build 2703. Cause: Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 2. You can check this under Windows Programs and features. After...
SUSE-SU-2018:2938-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15)
This update for the Linux Kernel 4.12.14-256 fixes one issue. The following security issue was fixed: - CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr function in net/ipv4/cipso_ipv4.c...
Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2011-4314)
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details: CVEID: CVE-2011-4314. DESCRIPTION: OpenID4Java could allow a remote attacker to bypass security restrictions, caused by the improper...
Security Bulletin: IBM QRadar SIEM has weak password requirements. (CVE-2016-9738)
Summary: The product does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Vulnerability Details: CVEID: CVE-2016-9738. DESCRIPTION: IBM QRadar does not require that users should have strong passwords by default, which...
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM QRadar SIEM, and QRadar Incident Forensics (CVE-2015-7575)
Summary: The MD5 “SLOTH” vulnerability on TLS 1.2 affects IBM QRadar SIEM and QRadar Incident Forensics. Vulnerability Details: CVEID: CVE-2015-7575. DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a...
CVE-2015-7610
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF...
CVE-2018-1000019
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in faxdispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher...
Cross site scripting
OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher...
CVE-2018-1000020
OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) vulnerability in open-flash-chart.swf and posteddata.php that can result in . This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher...
Command injection
OpenEMR version 5.0.0 contains an OS Command Injection vulnerability in faxdispatch.php that can result in OS command injection by an authenticated attacker with any role. This vulnerability appears to have been fixed in 5.0.0 Patch 2 or higher...
Novell GroupWise Cross-Site Scripting Vulnerability (CNVD-2017-05134)
Novell GroupWise is a collaborative communication system from Novell. The system provides collaborative communication services such as e-mail, scheduling, instant messaging, task management, document management, and contact management. Document Viewer Agent is one of the document viewers. A...
Default credentials
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters...
CVE-2014-2269
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters...
IBM Tivoli Endpoint Manager Server 9.0.777 (patch 2) LDAP and AD Authentication
According to its self-reported version, IBM Tivoli Endpoint Manager Server 9.0.777.0 patch 2 is installed on the remote host. It is, therefore, affected by a vulnerability that could allow an attacker to impersonate any LDAP-authenticated Console user when LDAP and Active Directory authentication...
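McAfee VirusScan Enterprise Local Privilege Escalation Vulnerability
BUGTRAQ ID: 58163. McAfee VirusScan is a popular real-time virus protection application. In McAfee VirusScan Enterprise 8.8 Patch 2, after an administrator has enabled Access Protection, a component of VSE allows privilege escalation; an authenticated user can exploit this vulnerability to escalate privileges. This vulnerability affects VSE 8.8 Patch 2 with Access Protection and Self Protection disabled. McAfee VirusScan Enterprise 8.8 Patch 2. Vendor patch: McAfee. McAfee has released a security bulletin (SB10038) and a corresponding patch for this issue: SB10038: McAfee Security...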
Novell GroupWise Client 8.x < 8.0.3 Hot Patch 2 / 2012.x < 2012 SP1 Hot Patch 1 Multiple Vulnerabilities
The version of Novell GroupWise Client installed on the remote Windows host is 8.x prior to 8.0.3 Hot Patch 2 (8.0.3.26516) or 2012.x prior to 2012 SP1 Hot Patch 1 (12.0.1.16521). It is, therefore, reportedly affected by the following vulnerabilities: - An unspecified error exists related to an...