IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.
Monthly Archives: March 2017
CVE-2016-9729
IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545.
CVE-2016-8940
IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and 7.1 does not perform sufficient authority checking on SQL queries. As a result, an attacker is able to submit SQL queries that access database tables that are not intended for access or use by administrators. The access of these product specific database tables may allow access to passwords or other sensitive information for the product. IBM Reference #: 1998946.
CVE-2016-9720
IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533.
CVE-2016-9726
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.
CVE-2016-9728
IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543.
CVE-2016-9724
IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1999537.
Proxmark Iceman Fork 1.7.0
This is a custom firmware written for the proxmark3. It extends the currently available firmware (revision 2.3.0) to support brute force attacks against proximity card access control systems.
Good Weather App radio interview with Alexis Dorais-Joncas and Marc Saltzman
A full radio interview with ESET’s Alexis Dorais-Joncas and radio and TV personality Marc Saltzman – on NewsTalk 1010 – talking about a malicious weather app that was found on Google Play.
The post Good Weather App radio interview with Alexis Dorais-Joncas and Marc Saltzman appeared first on WeLiveSecurity
Western Digital My Cloud Command Injection / File Upload
Western Digital My Cloud suffers from unauthenticated OS command injection and arbitrary file upload vulnerabilities.