Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2017-1381)
Summary: There is an information disclosure in the WebSphere Application Server Proxy Server or On-Demand-Router (ODR). This only occurs when the system clock is changed. If the system clock is changed it could cause stale data to be cached and served. Vulnerability Details: Consult the security...
Microsoft Windows: Configure Connected User Experiences and Telemetry
With this policy setting, you can forward Connected User Experience and Telemetry requests to a proxy server. If you enable this policy setting, you can specify the FQDN or IP address of the destination device within your organization...
CVE-2018-7572
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...
Authentication flaw
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...
CVE-2018-7572
Affected software: Pulse Secure Client (versions 9.0R1 and 5.3RX prior to 5.3R5). The issue: when configured to authenticate VPN users during Windows Logon, the client can bypass Windows authentication and execute commands with the client’s privileges. Conditions: attacker must interrupt the clie...
CVE-2018-7572
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client. The attacker must interrupt the client's network...
Ramnit Changes Shape with Widespread Black Botnet
The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July – but the offensive could just be a precursor to a much larger attack coming down the pike, according to researchers, thanks to a second-stage malware called Ngioweb...
Security Bulletin: Vulnerabilities in OpenStack affect IBM Spectrum Scale V4.2 and V4.1.1 (CVE-2015-8466 and CVE-2016-0738)
Summary: OpenStack vulnerabilities that could allow: - with OpenStack Swift 3, a remote attacker to launch a replay attack affects IBM Spectrum Scale (CVE-2015-8466) - with OpenStack Object Storage (Swift), a remote authenticated attacker could exploit this vulnerability to consume all available...
Firewall and Privatizing Proxy: macOS Fortress
macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious...
Security Bulletin: Information disclosure in WebSphere Application Server shipped with Jazz for Service Management (CVE-2017-1381)
Summary: There is an information disclosure in the WebSphere Application Server Proxy Server or On-Demand-Router (ODR). This only occurs when the system clock is changed. If the system clock is changed it could cause stale data to be cached and served. Vulnerability Details: CVEID: CVE-2017-1381...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)
Summary: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console and can allow users to embed arbitrary JavaScript code in the Web UI or allow a local attacker to obtain...
Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix
Summary: WebSphere Application Server may have insecure file permissions after custom startup scripts are run. The custom startup script will not pull the umask from the server.xml. This may cause some log files to have different permissions than expected. There is an information disclosure in the...
proxy.lib.berkeley.edu Improper Access Control vulnerability
Open Bug Bounty ID: OBB-631748

Description| Value
---|---
Affected Website:| proxy.lib.berkeley.edu
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| IAC Improper Access Control / CWE-284
CVSSv3 Score:| 6.5...
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...
Cross site scripting
Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-7635
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...
CVE-2017-7639
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...
Code injection
QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server...
Cross site request forgery (csrf)
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections...
Design/Logic Flaw
QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to run arbitrary OS commands against the system with root privileges...