14 matches found
Malicious code in tema-cnp (npm)
Source: checkmarx c2745cc070d505850bb1ac172e24c2433bbec8ea8b59619e7e67ecd862f10635 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
tema-natale.com Cross Site Scripting vulnerability OBB-1327095
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Security Bulletin: Authentication bypass in IBM Tivoli Monitoring Service console
Summary: The following security issues have been identified in the IBM Tivoli Monitoring Service console. Vulnerability Details: CVEID: CVE-2019-4592 DESCRIPTION: IBM Tivoli Monitoring Service could allow an unauthorized user to access and modify operation aspects of the ITM monitoring server possib...
CVE-2019-14343
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabularioid=list URI...
CVE-2017-1198
CVE-2017-1198 affects IBM BigFix Compliance 1.7–1.9.91 (TEMA SUAv1 SCA SCM). The underlying issue is that sensitive information is stored in URL parameters, enabling potential information disclosure if URLs are exposed in server logs, referrer headers, or browser history. The NVD entry notes expl...
CVE-2017-1202
CVE-2017-1202 affects IBM BigFix Compliance 1.7–1.9.91 (TEMA SUAv1 SCA SCM). The vulnerability is HTML injection that could allow a remote attacker to inject HTML code, which would execute in the victim’s browser within the hosting site’s security context when viewed. No exploitation details or p...
Security Bulletin: IBM Tivoli Monitoring Agent Framework component. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9843)
Summary: IBM Tivoli Monitoring uses the zlib compression library in both the General services library and the File Transfer component. This bulletin addresses several reported vulnerabilities in the zlib compression library. Vulnerability Details: CVEID: CVE-2016-9840 DESCRIPTION: zlib is vulnerable to a...
Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2012-6702, CVE-2016-5300)
Summary: IBM Tivoli Monitoring uses the Expat parser for parsing various configuration XML files as well as parsing SOAP requests. Vulnerability Details: CVEID: CVE-2012-6702 DESCRIPTION: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, could provide weaker than...
CVE-2017-1196
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 is affected by a weak default password policy (CVE-2017-1196). The issue, documented across multiple sources (NVD/Nessus/CNVD), states that the product does not require strong passwords by default, enabling an attacker to compromise user accounts ...
corazon.pe XSS vulnerability
Open Bug Bounty ID: OBB-210770; Affected Website: corazon.pe; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
Honeywell Tema Remote Installer ActiveX Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Honeywell Tema Remote Installer ActiveX Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Honeywell Tema...
Honeywell Tema Remote Installer - ActiveX Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Honeywell Tema...
Novus 1.0 (notas.asp nota_id) Remote SQL Injection Vulnerability
No description provided by source. Novus - administration and content system. bug: SQL Injection. official site: http://novus.com.mx d0rk: "Powered by Novus" free: no system: asp bug found by ka0x D.O.M TEAM we: ka0x, an0de, xarnuz, s0cratex ka0x01atgmail.com tables: 1- anota.notaid 2-...