87 matches found
Information disclosure
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generate an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164068...
CVE-2019-4485
IBM Emptoris Sourcing 10.1.0 through 10.1.3, IBM Contract Management 10.1.0 through 10.1.3, and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 generate an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 164069...
CVE-2019-4420
IBM Intelligent Operations Center V5.1.0 through V5.2.0 could disclose detailed error messages, revealing sensitive information that could aid in further attacks against the system. IBM X-Force ID: 162738...
CVE-2019-4145
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive information in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400...
Security Bulletin: IBM QRadar SIEM is vulnerable to Information Exposure (CVE-2018-1729)
Summary The product discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. Vulnerability Details CVEID: CVE-2018-1729 Description: IBM QRadar discloses sensitive information to unauthorized users. The information can be used to...
CVE-2017-1119
IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attack...
kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in the xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kerne...
Apache Struts2 high-risk vulnerabilities lead to enterprise servers being compromised and loaded with the KoiMiner mining Trojan - vulnerability warning - the black bar safety net
0×1 Overview Many business websites use Apache open source projects to build their HTTP servers, and most of them use the Apache sub-project Struts. But because the Apache Struts2 product code carries many risks, since 2007 Struts2 has frequently been found to have multiple high-risk...
Quick Classifieds 1.0 - include/sendit2.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
MyAbraCadaWeb 1.0 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7126/info MyABraCaDaWeb is reported to disclose path information in error messages when handling some invalid requests. This information could be useful in further attacks against a system hosting the software...
Blazix 1.2 Password Protected Directory Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5567/info Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems. Blazix does not properly handle some special characters when appended to...
Dotproject 2.0 /modules/public/calendar.php baseDir Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/16648/info Dotproject is prone to multiple remote file-include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to includ...
Cyberwar between Israel and Turkish Hacker
Cyberwar between Israel and Turkish Hacker Turkish hacker "TurkGuvenligi " hijacked some 350 Israeli websites on Sunday evening, launching a Domain Name System DNS attack on at least seven high-profile websites including The Telegraph, Acer, National Geographic, UPS and Vodafone as well. Visitors...
MacOS X 10.6 HFS File System Attack (Denial of Service)
No description provided by source. Proof of Concept for CVE-2010-0105 MacOS X 10.6 hfs file system attack Denial of Service by Maksymilian Arciemowicz from SecurityReason.com http://securityreason.com/achievementexploitalert/15 NOTE: This DoS will b...
Restrict the transmission of Confluence version details
I noticed that on several installs, Confluence by default displays its full version number and sometimes build number to the world. It is a commonly accepted web security practice to withhold all product details, including version information, except to users on a "need to know" basis. Otherwise,...
V-Webmail 1.6.4 - includespearSystem.php?CONFIG[pear_dir] Remote File Inclusion
source: https://www.securityfocus.com/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an...
Quick Classifieds 1.0 - controlpannelcreatedb.php3?DOCUMENT_ROOT Remote File Inclusion
source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issu...
Portail Web PHP 2.5.1 - item.php Remote File Inclusion
source: https://www.securityfocus.com/bid/27616/info Portail Web Php is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to...
phpCMS 1.1.7 - 'class.edit_PHPcms.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/21768/info phpCMS is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks a...
Telekorn Signkorn Guestbook 1.x - adminadmin.php?dir_path Remote File Inclusion
source: https://www.securityfocus.com/bid/19977/info Telekorn Signkorn Guestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow the...