CVE-2017-5218
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the...
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. Date published : 2017-02-02 http://www.securityfocus.com/bid/95891 http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc
Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages. Date published : 2017-02-01 http://www.securityfocus.com/bid/94947 http://www.exim.org/static/doc/CVE-2016-9963.txt
IBM Security Identity Manager Virtual Appliance stores user credentials in clear text, which can be read by a local user. Date published : 2017-02-01 http://www.securityfocus.com/bid/95326 http://www.ibm.com/support/docview.wss?uid=swg21996761
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens, which could allow an unauthorized user with physical access to the workstation to obtain sensitive information. Date published : 2017-02-01 http://www.securityfocus.com/bid/95327 http://www.ibm.com/support/docview.wss?uid=swg21996761
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX module to be unable...
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent. Date published : 2017-02-01 http://www.securityfocus.com/bid/95283 http://www.ibm.com/support/docview.wss?uid=swg2C1000238
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls....
IBM InfoSphere Information Server contains a path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode, making it easier for an attacker to inject malicious CSS. Date published : 2017-02-01 http://www.securityfocus.com/bid/95325 http://www.ibm.com/support/docview.wss?uid=swg21995155
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. Date published...
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. Date published : 2017-02-01 http://www.securityfocus.com/bid/95137 http://www.ibm.com/support/docview.wss?uid=swg21994932
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly...