CVE-2016-6111
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this...
IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading...
IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. Date published: 2017-03-31 http://www.securityfocus.com/bid/97305 https://github.com/TigerVNC/tigervnc/pull/436
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. Date published: 2017-03-31 http://www.securityfocus.com/bid/97305 https://github.com/TigerVNC/tigervnc/pull/436
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. Date published: 2017-03-31 http://www.securityfocus.com/bid/97305 https://github.com/TigerVNC/tigervnc/pull/440
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution. Date published: 2017-03-31 http://www.securityfocus.com/bid/97305 https://github.com/TigerVNC/tigervnc/pull/438
In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server. Date published: 2017-03-31 http://www.securityfocus.com/bid/97305 https://github.com/TigerVNC/tigervnc/pull/441
A Cross-Site Scripting (XSS) vulnerability was discovered in ‘Magmi 0.7.22’. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the ‘magmi-git-master/magmi/web/ajax_gettime.php’ URL. An attacker could execute arbitrary HTML and script code...
A Cross-Site Scripting (XSS) vulnerability was discovered in ‘SocialNetwork v1.2.1’. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the ‘SocialNetwork-andrea/app/template/pw_forgot.php’ URL. An attacker could execute arbitrary HTML and script code...
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in ‘openeclass Release_3.5.4’. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the ‘openeclass-master/modules/tc/webconf/webconf.php’ URL. An attacker could execute arbitrary HTML and script...
A Cross-Site Scripting (XSS) vulnerability was discovered in ‘wallacepos v1.4.1’. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the ‘wallacepos-master/myaccount/resetpassword.php’ URL. An attacker could execute arbitrary HTML and script code...
TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter). Date published: 2017-03-31 http://www.securityfocus.com/bid/97309 https://github.com/TheFirstQuestion/HelpMeWatchWho/issues/1