Lucene search

40 matches found

IBM Security Bulletins
added 2020/10/28 5:16 p.m. | 46 views

Security Bulletin: IBM Security QRadar Packet Capture is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091)

Summary: A potential security vulnerability in CPUs may allow information disclosure. Vulnerability Details: CVEID: CVE-2018-12126. Description: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user ...

5.6 CVSS | 1.9 AI score | 0.01697 EPSS
Exploits 0 | Affected Software 1
OSV
added 2020/09/24 9:15 p.m. | 1 view

CVE-2020-8348

A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing...

6.1 CVSS | 5.9 AI score | 0.00474 EPSS
Exploits 0 | References 1
NVD
added 2020/09/24 9:15 p.m. | 11 views

CVE-2020-8347

A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted URL is visited, possibly through phishing...

6.1 CVSS | 0.00698 EPSS
Exploits 0 | References 1
Prion
added 2020/09/24 9:15 p.m. | 11 views

Cross site scripting

A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted URL is visited, possibly through phishing...

4.3 CVSS | 6 AI score | 0.00474 EPSS
Exploits 0 | References 1 | Affected Software 1
Packet Storm
added 2020/04/21 12:00 a.m. | 103 views

QRadar Community Edition 7.3.1.6 Cross Site Scripting

Reflected Cross-Site Scripting in QRadar Forensics link analysis page. Yorick Koster, September 2019...

7.4 AI score
Exploits 0
IBM Security Bulletins
added 2020/01/09 3:39 p.m. | 37 views

Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack (CVE-2018-0734)

Summary: OpenSSL as used in IBM QRadar SIEM is vulnerable to a timing side channel attack. Vulnerability Details: CVEID: CVE-2018-0734. DESCRIPTION: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing...

5.9 CVSS | 0.9 AI score | 0.05057 EPSS
Exploits 0 | Affected Software 1
OpenVAS
added 2019/04/09 12:00 a.m. | 20 views

OpenEMR < 5.0.1 Patch 6 XSS Vulnerability

A vulnerability in flashcanvas.swf in OpenEMR could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by th...

6.1 CVSS | 6 AI score | 0.01384 EPSS
Exploits 0 | References 1
OSV
added 2019/04/02 10:29 p.m. | 16 views

CVE-2018-18035

A vulnerability in flashcanvas.swf in OpenEMR before 5.0.1 Patch 6 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 2
IBM Security Bulletins
added 2018/12/03 2:15 p.m. | 20 views

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728)

Summary: The product allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and allowing spoofing attacks. Vulnerability Details: CVEID: CVE-2018-1728. Description: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to...

5.4 CVSS | 1.1 AI score | 0.00158 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/06/16 10:04 p.m. | 31 views

Security Bulletin: IBM QRadar SIEM is vulnerable to command injection. (CVE-2017-1696)

Summary: The product passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. This allows attackers to execute arbitrary commands on the system. Vulnerability Details: CVEID: CVE-2017-1696. DESCRIPTION: IBM QRadar could allow a remote authenticated attacker to execute...

9 CVSS | 2.4 AI score | 0.04036 EPSS
Exploits 0 | Affected Software 1
Tenable Nessus
added 2018/03/12 12:00 a.m. | 19 views

Solaris 10 (sparc) : 127411-16

Message Queue 4.1 Update 4 Patch 6 SunOS 5.9 5.10 Core product. Date this patch was last updated by Sun: Mar/12/12. (C) Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates...

5.7 CVSS | 6.7 AI score | 0.00084 EPSS
Exploits 0 | References 2
OSV
added 2018/03/04 2:29 a.m. | 8 views

CVE-2017-18213

In Exponent CMS before 2.4.1 Patch 6, certain admin users can elevate their privileges...

7.2 CVSS | 7.2 AI score
Exploits 0 | References 2
Tenable Nessus
added 2017/11/30 12:00 a.m. | 41 views

EMC RSA Authentication Manager < 8.2 SP1 Patch 6 Stored Cross-Site Scripting (ESA-2017-152)

The version of EMC RSA Authentication Manager running on the remote host is prior to 8.2 SP1 Patch 6 (8.2.1.6). It is, therefore, affected by an unspecified stored cross-site scripting vulnerability. Attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code...

5.4 CVSS | 5.8 AI score | 0.00214 EPSS
Exploits 1 | References 2
UbuntuCve
added 2017/02/23 12:00 a.m. | 16 views

CVE-2017-6303

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."...

7.8 CVSS | 7.1 AI score | 0.0033 EPSS
Exploits 0 | References 6
CVE
added 2015/12/16 6:00 p.m. | 58 views

CVE-2015-8577

Summary: CVE-2015-8577 affects McAfee VirusScan Enterprise prior to 8.8 Patch 6. The vulnerability lies in the Buffer Overflow Protection (BOP) feature, which allocates memory with Read/Write/Execute (RWX) permissions at predictable addresses on 32‑bit systems while protecting another application...

2.6 CVSS | 6.7 AI score | 0.00021 EPSS
Exploits 0 | References 4 | Affected Software 1
Prion
added 2015/11/16 7:59 p.m. | 15 views

Unrestricted file upload

Unrestricted file upload vulnerability in mods/core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the...

6.5 CVSS | 7.7 AI score | 0.00699 EPSS
Exploits 2 | References 5 | Affected Software 1
Prion
added 2015/02/19 3:59 p.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO, the (2) src parameter in a none action to index.php, or the (3) "First...

4.3 CVSS | 5.9 AI score | 0.14775 EPSS
Exploits 5 | References 8 | Affected Software 1
securityvulns
added 2014/12/29 12:00 a.m. | 45 views

ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability

ESA-2014-173: RSA® Authentication Manager Unvalidated Redirect Vulnerability. EMC Identifier: ESA-2014-173. CVE Identifier: CVE-2014-2516. Severity Rating: CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N). Affected Products: RSA Authentication Manager...

5.8 CVSS | 0.7 AI score | 0.00255 EPSS
Exploits 0
NVD
added 2014/05/02 12:55 a.m. | 17 views

CVE-2014-3138

SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATHINFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of the...

6.5 CVSS | 7.9 AI score | 0.03452 EPSS
Exploits 1 | References 8
NVD
added 2012/08/22 10:42 a.m. | 17 views

CVE-2012-4585

McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL...

4 CVSS | 6.2 AI score | 0.00261 EPSS
Exploits 0 | References 2