Vulnerabilities & Updates

RSS NVD

  • CVE-2016-5893 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
  • CVE-2017-1347 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
  • CVE-2017-1131 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.
  • CVE-2017-1349 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.
  • CVE-2017-1132 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121418.
  • CVE-2017-1193 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 could allow a user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.
  • CVE-2017-1348 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126524.
  • CVE-2017-1302 June 23, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user to view sensitive information due to improper access controls. IBM X-Force ID: 125456.
  • CVE-2017-3948 June 23, 2017
    Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
  • CVE-2017-9356 June 23, 2017
    Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.
  • CVE-2017-2782 June 22, 2017
    An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application […]
  • CVE-2017-9775 June 22, 2017
    Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.
  • CVE-2017-9776 June 22, 2017
    Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
  • CVE-2017-2781 June 22, 2017
    An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when […]
  • CVE-2017-2780 June 22, 2017
    An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when […]
  • CVE-2017-0897 June 22, 2017
    ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
  • CVE-2015-9098 June 22, 2017
    In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code […]
  • CVE-2016-9983 June 22, 2017
    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275.
  • CVE-2016-9747 June 22, 2017
    IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
  • CVE-2017-1326 June 22, 2017
    IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.

RSS Microsoft

  • MS16-095 - Critical: Cumulative Security Update for Internet Explorer (3177356) - Version: 2.0 June 13, 2017
    Severity Rating: Critical. Revision Note: V2.0 (June 13, 2017): To comprehensively address CVE-2016-3326, Microsoft is releasing June security updates for all affected Microsoft browsers. Microsoft recommends that customers running affected Microsoft browsers should install the applicable June security update to be fully protected from this vulnerability. See the applicable Release Notes or Microsoft Knowledge Base article […]
  • MS17-013 - Critical: Security Update for Microsoft Graphics Component (4013075) - Version: 3.0 May 9, 2017
    Severity Rating: Critical. Revision Note: V3.0 (May 9, 2017): Microsoft has re-released security update 4017018 for affected editions of Windows Server 2008. The re-release has been re-classified as a security update. Microsoft recommends that customers should install update 4017018 to be fully protected from CVE-2017-0038. Customers who have already installed the update do not need to […]
  • MS17-021 - Important: Security Update for Windows DirectShow (4010318) - Version: 2.0 April 11, 2017
    Severity Rating: Important. Revision Note: V2.0 (April 11, 2017): Bulletin revised to announce that the security updates that apply to CVE-2017-0042 for Windows Server 2012 are now available. Customers running Windows Server 2012 should install update 4015548 (Security Only) or 4015551 (Monthly Rollup) to be fully protected from this vulnerability. Customers running other versions of Microsoft […]
  • MS16-037 - Critical: Cumulative Security Update for Internet Explorer (3148531) - Version: 2.0 April 11, 2017
    Severity Rating: Critical. Revision Note: V2.0 (April 11, 2017): Bulletin revised to announce the release of a new Internet Explorer cumulative update (4014661) for CVE-2016-0162. The update adds to the original release to comprehensively address CVE-2016-0162. Microsoft recommends that customers running the affected software install the security update to be fully protected from the vulnerability described […]
  • MS17-014 - Important: Security Update for Microsoft Office (4013241) - Version: 2.0 April 11, 2017
    Severity Rating: Important. Revision Note: V2.0 (April 11, 2017): To comprehensively address CVE-2017-0027 for Office for Mac 2011 only, Microsoft is releasing security update 3212218. Microsoft recommends that customers running Office for Mac 2011 install update 3212218 to be fully protected from this vulnerability. See Microsoft Knowledge Base Article 3212218 for more information. Summary: This security update […]
  • MS16-084 - Critical: Cumulative Security Update for Internet Explorer (3169991) - Version: 1.1 March 17, 2017
    Severity Rating: Critical. Revision Note: V1.1 (March 17, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the […]
  • MS17-019 - Important: Security Update for Active Directory Federation Services (4010320) - Version: 1.0 March 14, 2017
    Severity Rating: Important. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.
  • MS17-022 - Important: Security Update for Microsoft XML Core Services (4010321) - Version: 1.0 March 14, 2017
    Severity Rating: Important. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would […]
  • MS17-009 - Critical: Security Update for Microsoft Windows PDF Library (4010319) - Version: 1.0 March 14, 2017
    Severity Rating: Critical. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow information disclosure if a user views specially crafted PDF content online or opens a specially crafted PDF document.
  • MS17-023 - Critical: Security Update for Adobe Flash Player (4014329) - Version: 1.0 March 14, 2017
    Severity Rating: Critical. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, and Windows 10.
  • MS17-010 - Critical: Security Update for Microsoft Windows SMB Server (4013389) - Version: 1.0 March 14, 2017
    Severity Rating: Critical. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Windows SMBv1 server.
  • MS17-016 - Important: Security Update for Windows IIS (4013074) - Version: 1.0 March 14, 2017
    Severity Rating: Important. Revision Note: V1.0 (March 14, 2017): Click here to enter text. Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker with access to the local system executes a malicious application. An attacker who successfully exploited this vulnerability could gain the same user rights […]
  • MS17-017 - Important: Security Update for Windows Kernel (4013081) - Version: 1.0 March 14, 2017
    Severity Rating: Important. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.
  • MS17-006 - Critical: Cumulative Security Update for Internet Explorer (4013073) - Version: 1.0 March 14, 2017
    Severity Rating: Critical. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the […]
  • MS17-018 - Important: Security Update for Windows Kernel-Mode Drivers (4013083) - Version: 1.0 March 14, 2017
    Severity Rating: Important. Revision Note: V1.0 (March 14, 2017): Bulletin published. Summary: This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

RSS Adobe

  • Security Bulletins posted June 13, 2017
    Adobe has published security bulletins for Adobe Flash Player (APSB17-17), Adobe Shockwave Player (APSB17-18), Adobe Captivate (APSB17-19) and Adobe Digital Editions (APSB17-20). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant …
  • Security Bulletin posted for Adobe Flash Player and Adobe Experience Manager Forms May 9, 2017
    Adobe has published security bulletins for Adobe Flash Player (APSB17-15) and Adobe Experience Manager Forms (APSB17-16). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. This posting is provided “AS IS” with …
  • Security Bulletin Posted for ColdFusion (APSB17-14) April 25, 2017
    Adobe has published a Security Bulletin (APSB17-14) announcing the availability of hotfixes for ColdFusion versions 2016, 11 and 10. These hotfixes resolve an input validation issue that could be used in reflected XSS (cross-site scripting) attacks (CVE-2017-3008). These hotfixes also include an …
  • Security Bulletins posted April 11, 2017
    Adobe has published security bulletins for Adobe Campaign (APSB17-09), Adobe Flash Player (APSB17-10), Adobe Acrobat and Reader (APSB17-11), Adobe Photoshop (APSB17-12) and the Creative Cloud Desktop Application (APSB17-13). Adobe recommends users update their product installations to the latest versions using …
  • Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-11) April 7, 2017
    A prenotification Security Advisory (APSB17-11) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, April 11, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the …
  • Security Bulletins posted for Flash Player and Adobe Shockwave Player March 14, 2017
    Adobe has published security bulletins for Adobe Flash Player (APSB17-07) and Adobe Shockwave Player (APSB17-08). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. This posting is provided “AS IS” with …
  • Security Bulletins posted for Flash Player, Digital Editions and Adobe Campaign February 14, 2017
    Adobe has published security bulletins for Adobe Flash Player (APSB17-04), Adobe Digital Editions (APSB17-05) and Adobe Campaign (APSB17-06). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. This posting is …
  • Security Bulletins posted January 10, 2017
    Adobe has published security bulletins for Adobe Acrobat and Reader (APSB17-01) and Adobe Flash Player (APSB17-02). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin. This posting is provided “AS …
  • Upcoming Security Updates for Adobe Acrobat and Reader (APSB17-01) January 5, 2017
    A prenotification Security Advisory (APSB17-01) has been posted regarding upcoming releases for Adobe Acrobat and Reader scheduled for Tuesday, January 10, 2017. We will continue to provide updates on the upcoming releases via the Security Advisory as well as the …
  • Security Bulletins Posted December 13, 2016
    Adobe has published the following security bulletins to advise customers of available security updates. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin: Adobe Animate (APSB16-38) Adobe Flash Player (APSB16-39) …

RSS Have I been pwned? latest breaches

  • Exposed VINs (unverified) - 396,650 breached accounts June 9, 2017
    In June 2017, an unsecured database with more than 10 million VINs (vehicle identification numbers) was discovered by researchers. Believed to be sourced from US car dealerships, the data included a raft of personal information and vehicle data along with 397k unique email addresses.
  • Data Enrichment Records (unverified) - 8,176,132 breached accounts June 8, 2017
    In December 2016, more than 200 million "data enrichment profiles" were found for sale on the darknet. The seller claimed the data was sourced from Experian and whilst that claim was rejected by the company, the data itself was found to be legitimate suggesting it may have been sourced from other legitimate locations. In total, […]
  • Abandonia - 776,125 breached accounts June 5, 2017
    In November 2015, the gaming website dedicated to classic DOS games Abandonia suffered a data breach resulting in the exposure of 776k unique user records. The data contained email and IP addresses, usernames and salted MD5 hashes of passwords.
  • Edmodo - 43,423,561 breached accounts June 1, 2017
    In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available. The records in the breach included usernames, email addresses and bcrypt hashes of passwords.
  • DaFont - 637,340 breached accounts May 18, 2017
    In May 2017, font sharing site DaFont suffered a data breach resulting in the exposure of 637k records. Allegedly due to a SQL injection vulnerability exploited by multiple parties, the exposed data included usernames, email addresses and passwords stored as MD5 without a salt.
  • Bell (2017 breach) - 2,231,256 breached accounts May 16, 2017
    In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records. The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate […]
  • Exploit.In (unverified) - 593,427,119 breached accounts May 6, 2017
    In late 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Exploit.In". The list contained 593 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it in […]
  • Anti Public Combo List (unverified) - 457,962,538 breached accounts May 4, 2017
    In December 2016, a huge list of email address and password pairs appeared in a "combo list" referred to as "Anti Public". The list contained 458 million unique email addresses, many with multiple different passwords hacked from various online systems. The list was broadly circulated and used for "credential stuffing", that is attackers employ it […]
  • Retina-X - 71,153 breached accounts April 30, 2017
    In February 2017, the mobile device monitoring software developer Retina-X was hacked and customer data downloaded before being wiped from their servers. The incident was covered in the Motherboard article titled Inside the 'Stalkerware' Surveillance Market, Where Ordinary People Tap Each Other's Phones. The service, used to monitor mobile devices, had 71k email addresses and […]
  • R2 (2017 forum breach) - 1,023,466 breached accounts April 25, 2017
    In early 2017, the forum for the gaming website R2 Games was hacked. R2 had previously appeared on HIBP in 2015 after a prior incident. This one exposed over 1 million unique user accounts and corresponding MD5 password hashes with no salt.