Monthly Archive: October 2016

XSS & SQLi in HugeIT slideshow v1.0.4 Date published : 2016-10-21 http://www.securityfocus.com/bid/93822 http://extensions.joomla.org/extensions/extension/photos-a-images/slideshow/slideshow

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS Date published : 2016-10-21 http://www.securityfocus.com/bid/93821 http://huge-it.com/joomla-portfolio-gallery/

Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS Date published : 2016-10-21 http://www.securityfocus.com/bid/93821 http://huge-it.com/joomla-portfolio-gallery/

The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors....

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. Date...

IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS...

IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information. Date...

Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a...

IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. Date published : 2016-10-21 http://www.securityfocus.com/bid/93825 http://www-01.ibm.com/support/docview.wss?uid=swg21990229

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request...

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers...

IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors. Date published :...

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search...

Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field. Date published : 2016-10-17 http://marc.info/?l=bugtraq&m=105830019209609&w=2 http://members.fortunecity.it/lethalman2002/bugs/splatt.html