Monthly Archive: February 2017

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database....

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database....

IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database....

Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session....

IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. Date published : 2017-02-01 http://www.securityfocus.com/bid/94582 http://www.ibm.com/support/docview.wss?uid=swg21994018

IBM Kenexa LMS on Cloud 13.1 and 13.2 – 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. Date published : 2017-02-01 http://www.securityfocus.com/bid/95650 http://www.ibm.com/support/docview.wss?uid=swg21993797

IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials. Date published : 2017-02-01 http://www.securityfocus.com/bid/94644 http://www.ibm.com/support/docview.wss?uid=swg21995079

IBM Kenexa LMS on Cloud 13.1 and 13.2 – 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../)...

IBM Kenexa LMS on Cloud 13.1 and 13.2 – 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user. Date published : 2017-02-01 http://www.securityfocus.com/bid/94324 http://www.ibm.com/support/docview.wss?uid=swg21993982

IBM Kenexa LMS on Cloud 13.1 and 13.2 – 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a...

The presence of a hardcoded account named ‘core’ in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. Date published : 2017-02-01 http://www.securityfocus.com/bid/94186 https://fortiguard.com/advisory/FG-IR-16-065

IBM Kenexa LMS on Cloud 13.1 and 13.2 – 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../)...

IBM Kenexa LMS on Cloud 13.1 and 13.2 – 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...