Azure Data Expert Ultimate version 2.2.16 suffers from a buffer overflow vulnerability.
Monthly Archives: March 2017
WikiLeaks Exposed CIA's Hacking Tools And Capabilities Details
WikiLeaks has published a massive trove of confidential documents in what appear to be the biggest ever leak involving the US Central Intelligence Agency (CIA).
WikiLeaks announced series Year Zero, under which the whistleblower organization will reveal details of the CIA’s global covert hacking program.
As part of Year Zero, Wikileaks published its first archive, dubbed Vault 7, which
CVE-2016-9727
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.
CVE-2016-9693
IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicious payload. An existing file type restriction can be bypassed so that the payload might be considered executable and cause damage on the victim’s machine. IBM Reference #: 1998655.
CVE-2016-9730
IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549.
CVE-2016-9723
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
CVE-2016-9740
IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested by an actor. IBM Reference #: 1999556.
CVE-2016-9725
IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539.
CVE-2017-1124
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local attacker to obtain sensitive information using HTTP Header Injection. IBM Reference #: 1998053.
CVE-2016-8971
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.