Monthly Archive: August 2018

Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks. Date...

Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. Date published :...

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive information. Date...

Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information. Date published : 2018-08-30 http://www.securityfocus.com/bid/105297 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-01–security-notice-for-ca-ppm.html

A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing. Date published : 2018-08-30 http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02–security-notice-for-ca-unified-infrastructure-mgt.html

A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Date published : 2018-08-30 http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02–security-notice-for-ca-unified-infrastructure-mgt.html

A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. Date published : 2018-08-30 http://www.securityfocus.com/bid/105199 https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02–security-notice-for-ca-unified-infrastructure-mgt.html

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow Directory Traversal. Date published : 2018-08-30 https://xovis.com/security/xovis-sec-2018-003.html

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Date published : 2018-08-30 https://xovis.com/security/xovis-sec-2018-002.html

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. Date published : 2018-08-30 https://xovis.com/security/xovis-sec-2018-001.html

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted...

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver....

A Missing Impersonation Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged...