Monthly Archives: January 2015

NVD

CVE-2014-8893

Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

NVD

CVE-2014-8894

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.

NVD

CVE-2014-8895

IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.

Full Disclosure

Vulnerabilities in HP LaserJet

Posted by MustLive on Jan 29

Hello list!

There are Information Leakage and Insufficient Authorization vulnerabilities
in HP LaserJet. Vulnerabilities are in control panel of HP network MFP and
printers. Earlier I informed HP about it.

You can read articles in BBC
(http://seclists.org/fulldisclosure/2014/Dec/98) and Global Voices
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2014-December/009067.html)
about my attacks on network printers of…