Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the Connections generic page.
Monthly Archives: November 2016
CVE-2016-3014 (rational_collaborative_lifecycle_management, rational_doors_next_generation, rational_engineering_lifecycle_manager, rational_quality_manager, rational_rhapsody_design_manager, rational_software_architect_design_manager, rational_team_concert)
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3057 (sterling_b2b_integrator)
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5890 (sterling_b2b_integrator)
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors.
CVE-2016-5905 (maximo_asset_management)
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-5987 (maximo_asset_management)
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime error message.
CVE-2016-9564 (boa)
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only ‘/’ and ‘.’ characters.
Anonymous invitations flooding your Apple calendar
Have you recently received a lot of invitations to your Apple calendar, too? Do not act on those invitations!
The post Anonymous invitations flooding your Apple calendar appeared first on Avira Blog.
Press Shift + F10 during Windows 10 Upgrade to Launch Root CLI & bypass BitLocker
If your computer’s security relies on Windows BitLocker Hard Drive Encryption software, then Beware! Because anyone with physical access to your PC can still access your files within few seconds.
All an attacker need to do is hold SHIFT+F10 during Windows 10 update procedure.
Security researcher Sami Laiho discovered this simple method of bypassing BitLocker, wherein an attacker can open a
thunderbird-45.5.0-1.fc25
For changes see: https://www.mozilla.org/en-US/thunderbird/45.5.0/releasenotes/