IBM Security Access Manager 9.0.1 through 9.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158512. Date published : 2019-06-25 https://www.ibm.com/support/docview.wss?uid=ibm10888379 https://exchange.xforce.ibmcloud.com/vulnerabilities/158512
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID:...
IBM Security Access Manager 9.0.1 through 9.0.6 could reveal highly sensitive in specialized conditions to a local user which could be used in further attacks against the system. IBM X-Force ID: 158400. Date published...
IBM Security Access Manager 9.0.1 through 9.0.6 is affected by a security vulnerability that could allow authenticated users to impersonate other users. IBM X-Force ID: 158331. Date published : 2019-06-25 https://www.ibm.com/support/docview.wss?uid=ibm10888379 https://exchange.xforce.ibmcloud.com/vulnerabilities/158331
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request...
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject. Date published : 2019-06-25 https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action. Date published : 2019-06-25 https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. Date published : 2019-06-25 http://packetstormsecurity.com/files/161867/LiveZilla-Server-8.0.1.0-Cross-Site-Scripting.html https://forums.livezilla.net/index.php?/topic/10984-fg-vd-19-083085087-livezilla-server-are-vulnerable-to-cross-site-scripting-in-admin-panel/
LiveZilla Server before 8.0.1.1 is vulnerable to CSV Injection in the Export Function. Date published : 2019-06-25 https://forums.livezilla.net/index.php?/topic/10985-fg-vd-19-088-livezilla-server-is-vulnerable-to-csv-injection/
LiveZilla Server before 8.0.1.1 is vulnerable to SQL Injection in functions.internal.build.inc.php via the parameter p_dt_s_d. Date published : 2019-06-25 https://forums.livezilla.net/index.php?/topic/10983-fg-vd-19-086-livezilla-server-is-vulnerable-to-sql-injection-ii/
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via...
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another’s virtual memory under certain conditions via an mmap above 512 TB....
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element. Date published : 2019-06-25 http://www.securityfocus.com/bid/108880 http://www.pc-doctor.com/company/pr-articles/130-pc-doctor-responds-to-software-vulnerability-report
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthenticated attackers through...