IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim’s path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim.
Monthly Archives: February 2017
Microsoft Office Word Malicious Macro Execution
This Metasploit module generates a macro-enabled Microsoft Office Word document. The comments metadata in the data is injected with a Base64 encoded payload, which will be decoded by the macro and execute as a Windows executable. For a successful attack, the victim is required to manually enable macro execution.
EMC Isilon InsightIQ Authentication Bypass
EMC Isilon InsightIQ is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. Versions affected include 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, and 3.0.0.
JUNG Smart Visu Server 1.0.8x Path Traversal / Backdoor Accounts
JUNG Smart Visu server with firmware versions 1.0.804, 1.0.830, and 1.0.832 suffer from backdoor account and path traversal vulnerabilities.
Red Hat Security Advisory 2017-0258-01
Red Hat Security Advisory 2017-0258-01 – Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
Red Hat Security Advisory 2017-0260-01
Red Hat Security Advisory 2017-0260-01 – Ansible is a simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The gdeploy package provides Ansible modules to setup and configure GluterFS. Multiple security issues have been addressed.
Red Hat Security Advisory 2017-0259-01
Red Hat Security Advisory 2017-0259-01 – Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix: It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
CVE-2016-2866
An specified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.
CVE-2015-5013
The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access.
CVE-2017-1128
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.