Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6306 (power_710, power_720, power_730, power_740, power_740_firmware, power_750, power_760, power_760_firmware, power_770, power_770_firmware, power_780, power_795, power_ese, powerlinux_7r1, powerlinux_7r2)
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 184.108.40.206, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 220.127.116.11 on Linux and AIX, and 5.x and 6.x before 18.104.22.168 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1) result or (2) error message.
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.