674 matches found
Firefox browser vulnerabilities that allow a hacker to trigger a service failure or cause other effects
Multiple vulnerabilities in dom/media/systemservices/CamerasChild.cpp in the Firefox browser's WebRTC implementation are caused by synchronization errors when using a shared resource. Exploitation of these vulnerabilities could allow a malicious actor to cause service failures or other...
DEBIAN-CVE-2016-1962
Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections...
Design/Logic Flaw
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x...
CVE-2015-4946
CVE-2015-4946 affects IBM CLM/Jazz-based products (RCLM, RQM, RTC, RRC, RDNG, RELM, Rhapsody DM, RSA DM) and related Jazz Team Server components. The issue allows an authenticated user to bypass access restrictions and perform unauthorized actions due to a design/logic flaw in IBM Rational LifeCy...
CVE-2015-4946
Rational LifeCycle Project Administration in Jazz Team Server in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x...
CVE-2015-1971
CVE-2015-1971 affects IBM Jazz Team Server-based products across CLM, RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, and RSA DM. An unspecified denial-of-service vulnerability exists in Jazz Team Server components used by these products, with affected ranges spanning CLM 3.0.1–5.0.2, RRC 2.0–4.0.7, RDNG...
CVE-2015-1928
CVE-2015-1928 affects the IBM Jazz-based CLM ecosystem (Jazz Team Server and multiple CLM apps such as RRC, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, etc.). The connected IBM bulletin confirms a remote attacker can exploit via a crafted website to hijack the victim’s click actions (clickjacking). Af...
Mozilla: Underflow through code inspection (MFSA 2015-145)
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP...
Default credentials
OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials...
Openfire 3.10.2 - Privilege Escalation
Openfire 3.10.2 - Privilege Escalation; Credits: hyp3rlinx; Website: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt; Vendor: www.igniterealtime.org/projects/openfire...
CVE-2015-0130
CVE-2015-0130 describes a cross-site scripting vulnerability in IBM Jazz Foundation/CLM stack (including CLM, RRC, RDNG, RTC, RQM). The root cause is improper validation of user-supplied input, allowing remote authenticated users to craft a URL that executes arbitrary script/HTML in the victim’s...
CVE-2015-0112
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through...
OpenNMS Authenticated XXE
OpenNMS is vulnerable to XML External Entity Injection in the Real-Time Console interface. Although this attack requires authentication, there are several factors that increase the severity of this vulnerability. 1. OpenNMS runs with root privileges, taken from the OpenNMS FAQ: "The difficulty...
USN-2458-1 firefox vulnerabilities
Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to caus...
UBUNTU-CVE-2014-8641
Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data...
CVE-2014-3050
CVE-2014-3050 affects IBM Rational Team Concert (RTC) 3.x prior to 3.0.1.6 IF3 and 4.x prior to 4.0.7, where improper integration with build engines could allow remote authenticated users to discover credentials via unspecified vectors. The vulnerability is documented with an NVD entry (CVSS v2 b...
Google Chrome < 24.0.1312.56 Multiple Vulnerabilities
Binary data 6673.pasl...
Google Chrome < 24.0.1312.56 Multiple Vulnerabilities
Binary data 800934.prm...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items...
CVE-2012-0748
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified services in IBM Rational Team Concert (RTC) 4.x before 4.0.0.1 allow remote attackers to hijack the authentication of arbitrary users for requests that modify work items...