IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6.1 could allow a remote attacker to cause a denial of service, caused by a buffer over-read. Bysending a specially crafted request, the attacker could cause...
Read MoreA sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. This restricted shell can be...
Read MoreAffected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before...
Read Moreu’In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.’ in Snapdragon Connectivity, Snapdragon...
Read MoreA remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka ‘Microsoft SharePoint Remote Code Execution Vulnerability’. This...
Read MoreDr. Therese McAllister of NIST’s Community Resilience Program will be presenting on Community Resilience and the Role of Federal Support in Florida International University’s Preeminent Institute for Resilient and...
Read MoreRecently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note – if you know and can type any of your passwords in 2020, you should at least partially...
Read MoreA cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ‘Microsoft Office SharePoint XSS...
Read MoreRecently I happened to notice that the Cisco AnyConnect VPN client clears the clipboard if you paste a password into it. (Note – if you know and can type any of your passwords in 2020, you should at least partially...
Read MoreA reader asked about another malicious file, thinking it is an intentionally corrupt ZIP file. If you follow the steps I showed in diary entry “Office: About OLE and ZIP Files”, you will see that it is not a corrupt...
Read MoreIn Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two...
Read MoreSQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can...
Read More