CVE-2015-1915

The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

CVE-2015-1921

Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities

Posted by Jing Wang on May 24

*phpwind v8.7 XSS (Cross-site Scripting) Web Security Vulnerabilities*

Exploit Title: phpwind v8.7 goto.php? &url Parameter XSS Security Vulnerabilities
Product: phpwind
Vendor: phpwind
Vulnerable Versions: v8.7
Tested Version: v8.7
Advisory Publication: May 25, 2015
Latest Update: May 25, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM)…

phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities

Posted by Jing Wang on May 24

*phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities*

Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security Vulnerabilities
Product: phpwind
Vendor: phpwind
Vulnerable Versions: v8.7
Tested Version: v8.7
Advisory Publication: May 24, 2015
Latest Update: May 24, 2015
Vulnerability Type: URL Redirection to Untrusted Site ('Open Redirect') [CWE-601]
CVE Reference: *
Impact CVSS Severity…

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

Posted by Jing Wang on May 24

*Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities*

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities
Product: Gcon Tech Solutions
Vendor: Gcon Tech Solutions
Vulnerable Versions: v1.0
Tested Version: v1.0
Advisory Publication: May 23, 2015
Latest Update: May 23, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version…