Juniper NorthStar Controller Application CVE-2017-2318 Remote Privilege Escalation Vulnerability
Category Archives: Security
Vuln: IBM Marketing Platform CVE-2016-0228 Open Redirect Vulnerability
Newly Leaked Hacking Tools Were Worth $2 Million On The Gray Market
Latest Dump of Alleged NSA Tools Is 'The Worst Thing Since Snowden'
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin
Posted by Securify B.V. on Apr 14
————————————————————————
Persistent Cross-Site Scripting in Scriptler Jenkins Plugin
————————————————————————
Burak Kelebek, April 2017
————————————————————————
Abstract
————————————————————————
A Cross-Site Scripting vulnerability was found in the…
CVE-2017-7871
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).
CVE-2016-7060
The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask password fields, which allows physically proximate attackers to obtain sensitive password information by reading the display.
CVE-2016-0727
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.
CVE-2017-7717
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
CVE-2016-4455
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.