Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.
Monthly Archives: July 2016
CVE-2016-2889
Cross-site request forgery (CSRF) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016, 6.0 and 6.0.1 before 6.0.1 ifix005, and 6.0.2 before ifix002 allows remote authenticated users to hijack the authentication of arbitrary users.
CVE-2016-2945
The API Discovery implementation in IBM WebSphere Application Server (WAS) 8.5.5.8 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote authenticated users to gain privileges via an external reference in a Swagger document.
Over 1000 Wendy’s restaurants hacked – customers’ credit card details stolen
Fast food giant Wendy’s says that it now believes that more than 1000 of its restaurants across the United States have fallen victim to a hacking gang, who used malware to steal customers’ credit and debit card information.
The post Over 1000 Wendy’s restaurants hacked – customers’ credit card details stolen appeared first on We Live Security.
Flaw Allows Attackers to Remotely Tamper with BMW's In-Car Infotainment System
The Internet of Things, or connected devices, is the next big concern, as more Internet connectivity means more access points, which mean more opportunities for hackers.
When it comes to threats to the Internet of Things, car hacking is a hot topic.
Since many automobile companies are offering cars that run mostly on the drive-by-wire system, a majority of functions are electronically
Goldilocks, HummingBad Android malware, and ‘what if?’
What does it cost the owner of a phone infected by HummingBad Android malware?
The post Goldilocks, HummingBad Android malware, and ‘what if?’ appeared first on Avira Blog.
CVE-2016-2119
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.
[KIS-2016-11] IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
Posted by Egidio Romano on Jul 07
—————————————————————————
IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
—————————————————————————
[-] Software Link:
[-] Affected Versions:
Version 4.1.12.3 and prior versions.
[-] Vulnerability Description:
The vulnerable code is located in the…
Acer Portal Android Application – MITM SSL Certificate Vulnerability (CVE-2016-5648)
Posted by David Coomber on Jul 07
Acer Portal Android Application – MITM SSL Certificate Vulnerability
(CVE-2016-5648)
CODEBLUE.JP – Conference in Tokyo Calling for Papers by Aug.10
Posted by CFP on Jul 07
Dear all,
CODE BLUE in Tokyo is looking for innovative and creative research topics
regarding security to be presented at the conference.
We are calling for U24 submissions while General/Tech submissions.
CODE BLUE is an international conference in Tokyo with cutting-edge
talks from all over the world, and is a place for all participants to
exchange information and interact beyond borders and languages.
We will support the travel…
