Latest Security News about attack

phpBB CSRF Token Hijacking attack exposed

Overview : phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS.
Affected Product(s) : phpBB version 3.2.7
Vulnerability Details : CVE ID : CVE-2019-13376. When an admin accesses the Administrator Control Panel (ACP) in phpBB, […]

IBM MQ is vulnerable to a denial of service attack

Overview : A vulnerability was found in the clustering code that caused a memory leak. This could be exploited by an attacker to execute a denial of service attack against a queue manager.
Affected Product(s) : IBM WebSphere MQ V7.1 versions 7.1.0.0 – 7.1.0.9; IBM WebSphere MQ V7.5 versions 7.5.0.0 – 7.5.0.9; IBM MQ […]

XSS attacks in Joomla! 3.x before 3.9.12

Overview : In Joomla! 3.x before 3.9.12, inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Affected Product(s) : Joomla! 3.x before 3.9.12
Vulnerability Details : CVE ID : CVE-2019-16725. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Solution : Upgrade to version 3.9.12

Attackers gain read access to privileged files in Niagara AX

Overview : A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10).
Affected Product(s) : Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, […]

IBM WebSphere Application Server allows remote attackers

Overview : IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.
Affected Product(s) : IBM WebSphere Application Server 7.0; IBM WebSphere […]