Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section.
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 18.104.22.168, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 22.214.171.124 on Linux and AIX, and 5.x and 6.x before 126.96.36.199 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.