CVE-2017-14387
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 – 8.0.1.1, and 8.0.0.0 – 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current...
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family,...
IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are configured for usage by the Web Application Bridge component. IBM X-Force ID: 127476. Date published : 2017-12-20 https://www.ibm.com/support/docview.wss?uid=swg22011400 https://exchange.xforce.ibmcloud.com/vulnerabilities/127476
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication, which could lead to a session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known...
IBM Security Guardium 10.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 124741. Date published : 2017-12-20 http://www.ibm.com/support/docview.wss?uid=swg22011516...
IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially-crafted URL to cause the server to return a split response, once the URL is...
IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736. Date published : 2017-12-20 http://www.ibm.com/support/docview.wss?uid=swg22010437 https://exchange.xforce.ibmcloud.com/vulnerabilities/124736
IBM Security Guardium 10.0 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 124684. Date published : 2017-12-20 http://www.securityfocus.com/bid/102308 http://www.ibm.com/support/docview.wss?uid=swg22010431
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter. Date published : 2017-12-20 https://www.synology.com/en-global/support/security/Synology_SA_17_80
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name HTML inputs. Date published : 2017-12-19 https://bugzilla.redhat.com/show_bug.cgi?id=1048380...