4548 matches found
CVE-2016-4040
CVE-2016-4040 affects dotCMS prior to version 3.3.2. A SQL injection in the Workflow Screen allows remote administrators to execute arbitrary SQL commands through the orderby parameter. Exploitation would impact data confidentiality, integrity, and availability as described by CVSS metrics (base ...
Stored XSS in ViewWorkflowTransition.jsp
Steps to reproduce: 1. Go to the workflow edit page as an administrator. 2. Add the validator "User Permission Validator" to a transition with the user name parameter "alert2". 3. It will trigger XSS on the ViewWorkflowTransition page...
[SECURITY] Fedora 23 Update: cups-filters-1.4.0-1.fc23
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrintin...
Xcode 7 Bitcode workflow and Security Assessment-vulnerability warning-the black bar safety net
With Xcode 7, Apple added a new feature, Bitcode [1]. New features often mean new attack surface. This article first describes what Bitcode is and how the Bitcode workflow operates; once the workflow is familiar, the next step is to assess the Bitcode-related attack surface, and...
abrt and libreport security update
abrt 2.1.11-35.0.1 - Drop libreport-rhel and libreport-plugin-rhtsupport requires 2.1.11-35 - make /var/spool/abrt owned by root - remove 'r' from /var/spool/abrt for other users - abrt-action-install-debug-info: use secure temporary directory - stop saving abrt's core files to /var/spool/abrt if...
Vulnerability management the flow of electrons-vulnerability warning-the black bar safety net
0x01 Preface: This article mainly shares and records some of my own growth; where it is poorly written, I hope readers will point it out. In the early days of vulnerability management, I personally found it rather nauseating. Especially all kinds of mail sent back and forth,...
Twitter Open Sources 'Diffy' that Automatically Catches Potential Bugs in Code
After Facebook open sourced Thrift Technology, a tool used internally by Facebook, in 2007, rival entity Twitter brings Diffy, an internal Twitter service, to the world. Yesterday, Twitter introduced "Diffy," an open source tool, acting as a helping hand for software developers to catch bugs,...
The vulnerability of the OnCommand Workflow Automation data storage automation tool allows a hacker to execute arbitrary code.
The OnCommand Workflow Automation tool installer installs the Java Debugging Wire Protocol (JDWP) service. This service allows a remote attacker to execute arbitrary code through an unspecified vector...
Oracle Linux 7 : abrt (ELSA-2015-1083)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1083 advisory. abrt 2.1.11-22.0.1 - Drop libreport-rhel and libreport-plugin-rhtsupport requires 2.1.11-22 - do not open the buildids file as the user abrt - do not...
abrt security update
abrt 2.1.11-22.0.1 - Drop libreport-rhel and libreport-plugin-rhtsupport requires 2.1.11-22 - do not open the buildids file as the user abrt - do not unlink failed and big user core files - Related: 1212819, 1216973 2.1.11-21 - validate all D-Bus method arguments - Related: 1214610 2.1.11-20 -...
NetApp OnCommand Workflow Automation Remote Code Execution Vulnerability
NetApp OnCommand Workflow Automation is a suite of automated execution storage process management software from the U.S. company NetApp. The software provides storage configuration, storage cloning and other functions for the database or file system. A security vulnerability exists in the NetApp...
CVE-2015-3292
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors...
Code injection
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-3292
NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 installs the Java Debug Wire Protocol (JDWP) service via the installer, enabling remote code execution by an attacker through unspecified vectors. This vulnerability is corroborated across multiple sources (NVD entry CVE-201...
Multi Purpose Fuzzer: zzuf
Multi Purpose Fuzzer: zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data, which more often than not comes from untrusted sources on the Internet. It works by intercepting file and network operations and changing random...
IBM Workflow for Bluemix Information Disclosure Vulnerability
IBM Bluemix is a suite of cloud platforms for building, running and managing applications and services. An information disclosure vulnerability exists in IBM Workflow for Bluemix, which allows attackers to exploit the vulnerability to obtain sensitive information...
HP Capture and Route Software Remote Information Disclosure Vulnerability
HP Capture and Route Software is one of the HP JetAdvantage Workflow Solutions, used to effectively manage, update, and store information. A remote information disclosure vulnerability exists in HP Capture and Route Software. This vulnerability could be exploited by an authenticated, remote attacker to...
Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.actio has multiple cross-site scripting vulnerabilities
Comala Workflows is a web-based application. The Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action script has a cross-site scripting vulnerability in its handling of workflowMarkup, which a remote attacker can exploit by constructing a malicious URI and inducing the user to parse it,...
Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action has multiple reflected cross-site scripting vulnerabilities
Comala Workflows is a web-based application. The Comala Workflows /plugins/approvalsworkflow/saveworkflowmarkup.action script has a cross-site scripting vulnerability in its handling of attachment-macro, which a remote attacker can exploit by constructing a malicious URI and tricking the user into parsing it...