Latest Security News about security bulletin

Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1

Overview : Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to cause unspecified impact via unspecified vectors.
McAfee Security Bulletin - Network Security Manager/Network Security Platform/Network Threat Behavior Analysis update fixes multiple vulnerabilities (CVE-2013-4559, CVE-2015-3200, CVE-2016-2183, CVE-2020-7256, CVE-2020-7258)
Security Bulletins ID: SB10310
Last Modified: 3/17/2020 [...]

Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability

Overview : Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulnerability that could allow an attacker to manipulate a key file to bypass authentication.
Trend Micro Worry-Free Business Security Directory Traversal Authentication Bypass Vulnerability
ZDI-20-307
ZDI-CAN-10073
CVE ID : CVE-2020-8600
CVSS SCORE : 8.6, (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
AFFECTED VENDORS : Trend Micro
AFFECTED PRODUCTS [...]

vBulletin 5.5.4 allows Two SQL Injection Vulnerabilities

Overview : vBulletin 5.5.4 allows SQL Injection via the “where” parameter of the ajax/api/hook/getHookList or ajax/api/widget/getWidgetList endpoint.
Affected Product(s) : vBulletin 5.5.4
Vulnerability Details :
CVE ID : CVE-2019-17271
1) User input passed through keys of the “where” parameter to the “ajax/api/hook/getHookList” endpoint is not properly validated before being used in an SQL query. This can be exploited […]

SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA)

Overview : An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
CVE-2020-9521
KM03630615 - Multiple vulnerabilities lead [...]

Missing Authentication for Critical Function in IP-AK2

Overview : In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network.
Affected Product(s) : IP-AK2 Access Control Panel Version 1.04.07 and prior
Vulnerability Details :
CVE ID : CVE-2019-13525 […]