CVE-2016-8952
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
Read MoreAuthor: Cyberthreat Blog
CVE-2017-7529
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted...
Read MoreCVE-2017-11103
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus’ Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In...
Read MoreInvestigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 3 ? Physical Memory artefacts), (Thu, Jul 13th)
[This is third guest diary by Dr.Ali Dehghantanha. You can find his first diaryhereand second here. If you would like to propose a guest diary, please let us know] Continuing my earlier posts on investigation of BitTorrent Sync...
Read MoreCVE-2017-11202
FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180.
Read More