CVE-2018-7060
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface....
Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the "mon" permission could use this vulnerability to obtain cluster credentials which could...
All versions of Aruba ClearPass 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability; an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only...
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Date published : 2018-08-06 http://www.securityfocus.com/bid/104976 https://www.kb.cert.org/vuls/id/962459
IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID:...
IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. Date published : 2018-08-06 http://www.securityfocus.com/bid/105023 https://www.ibm.com/support/docview.wss?uid=swg22017450
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/CSRF
An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/XSS.md
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/README.md
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/README.md
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/README.md
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/README.md
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/README.md
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. Date published : 2018-08-06 https://github.com/AvaterXXX/QCMS/blob/master/README.md