Monthly Archive: July 2017

Akeneo PIM CE and EE

Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. Date published :...

txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. Date published : 2017-07-13 https://github.com/twisted/txaws/issues/24

Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue. Date published : 2017-07-13 http://help.plot.ly/security-advisories/2016-08-08-plotlyjs-xss-advisory/

PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data). Date published : 2017-07-13 https://github.com/osalabs/phpminiadmin

ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in the Assignment Dropbox, BasicLTI, Blog Post, Blog, Group Course Email, Course Alumni, Course Enrolment, Group Membership, Course unenrolment, Course Enrolment List Search,...

ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access...

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension check bypass in the Course component resulting in code execution. ATutor versions 2.2.1 and earlier are vulnerable to a directory...

FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. Date published : 2017-07-13 https://github.com/fedora-infra/fedmsg/blob/0.18.2/CHANGELOG.rst

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could...

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could...

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...