Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2017-15387)

Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Corporation, of which Oracle Partner Management is a partner management component. A security vulnerability exists in the User Interface subcomponent of the Oracle Partner...

IBM Emptoris Sourcing Cross-Site Scripting Vulnerability

IBM Emptoris Sourcing is a source-to-contract solution from the US company. The solution helps organizations get affordable prices and greater value from suppliers by examining factors such as cost, risk and performance in sourcing decisions. A cross-site scripting vulnerability exists in IBM...

IBM Emptoris Sourcing Cross-Site Scripting Vulnerability (CNVD-2017-21231)

IBM Emptoris Sourcing is a source-to-contract solution from IBM USA. The solution helps organizations get affordable prices and greater value from suppliers by examining factors such as cost, risk and performance in sourcing decisions. A cross-site scripting vulnerability exists in IBM Emptoris...

IBM Emptoris Sourcing Cross-Site Scripting Vulnerability (CNVD-2017-21229)

IBM Emptoris Sourcing is a source-to-contract solution from IBM USA. The solution helps organizations get affordable prices and greater value from suppliers by examining factors such as cost, risk and performance in sourcing decisions. A cross-site scripting vulnerability exists in IBM Emptoris...

IBM Information Server Framework and InfoSphere Information Server on Cloud Cross-Site Scripting Vulnerability

IBM Information Server Framework and InfoSphere Information Server on Cloud are both products of the U.S. company IBM. The former is a set of data integration platform framework; the latter is a set of cloud-based data integration platform. A cross-site scripting vulnerability exists in IBM...

McAfee Advanced Threat Defense Elevation of Privilege Vulnerability

McAfee Advanced Threat Defense ATD is a suite of threat detection and defense solutions from the U.S.-based company McAfee McAfee. The solution provides malware analysis, shared threat intelligence, and isolation of compromised systems. The Web interface in McAfee ATD is vulnerable to a power...

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2017-15372)

Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. The software provides customer relationship management, service management, financial management, etc. Oracle One-to-One Fulfillment is one of the...

CVE-2017-1321

IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

CVE-2016-8950

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...

CVE-2016-8948

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...

CVE-2016-6114

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11835...

Adobe Fixes Six Vulnerabilities in Flash, Connect

Adobe fixed six vulnerabilities in two products, one of the company’s smallest security bulletins in recent memory, as part of its regularly scheduled round of updates on Tuesday. Included are fixes for the company’s Flash Player software platform, including a critical vulnerability CVE-2017-3099...

KLA11069 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and spoof user interface. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related to improper handling of...

KLA11070 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper...

KLA11845 Multiple vulnerabilities in Microsoft Exchange Server

Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. Security UI vulnerability in Microsoft Exchange can be exploited remotely via specially...

CVE-2017-2185

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI...

CVE-2017-2186

HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI...

Announcing the July ‘17 Release of Cb Defense

Editor's Note: If you are looking for the May 2017 Cb Defense release content, please scroll to the bottom of this page. This week, we’re happy to announce the rollout of the July ‘17 update of Cb Defense. Following the May ‘17 release, we heard a tremendous amount of positive feedback on the new...

CVE-2017-6713

A vulnerability in the Play Framework of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacke...

Cisco Identity Services Engine Guest Portal Cross-Site Scripting Vulnerability (cisco-sa-20170705-ise2)

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected device. SPDX-FileCopyrightText: 2017 Greenbone AG Some...