Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data.
Monthly Archives: September 2016
CVE-2016-3005 (connections)
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010.
CVE-2016-3008 (connections)
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956.
CVE-2016-3010 (connections)
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3005.
CVE-2016-5047 (oncommand_system_manager)
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.
Tonight Mr. Robot is Going to Reveal ‘Dream Device For Hackers’
Mr. Robot is the rare show that provides a realistic depiction of hacks and vulnerabilities that are at the forefront of cyber security. This is the reason it’s been the most popular TV show of its kind.
Throughout season 1 and season 2, we have seen that connected devices are the entry point of choice for Elliot and fsociety to breach networks and traditional security controls.
Pwn Phone On
VMworld: Can you trust your API?
All too commonly API security is something of an afterthought, says ESET’s Cameron Camp at this year’s VMworld. This needs to change.
The post VMworld: Can you trust your API? appeared first on WeLiveSecurity.
Privacy Policy update: WhatsApp will share your information with Facebook
This week, every WhatsApp user experienced a pop-up message asking them to agree to the company’s new Terms and Privacy Policy. Those who simply clicked the green Agree button probably don’t have much of a clue as to what is going on.
Advanced Security, Simple Management: Kaspersky Lab Empowers SMBs and Service Providers with New Business Solution
Kaspersky Lab announced today a new Software-as-a-Service solution that will provide small and medium-sized businesses with multi-layered IT security – Kaspersky Endpoint Security Cloud.