Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
1.0.0-incubating - 1.2.4
Description:
A default cipher key is used for the "remember me" feature when not
explicitly configured. A request that included a specially crafted
request parameter could be used to execute
Exploit Title: Notilus SQL injection
Product: Notilus travel solution software
Vulnerable Versions: 2012 R3
Tested Version: 2012 R3
Advisory Publication: 03/06/2016
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection') [CWE-89]
CVE Reference:
Debian Security Advisory DSA-3593-1 secur...@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 02, 2016
ESA-2016-060: EMC Isilon OneFS Privilege Escalation Vulnerability
EMC Identifier: ESA-2016-060
CVE Identifier: CVE-2016-0908
Severity Rating: CVSS v3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected products:
EMC
Reported these 27/08/2015; these were eventually fixed in version 12 because the
entire application is based on emberjs now. There are no CVEs for these issues
assigned nor is there any acknowledgement of the issues in any patches.
Therefore only version 12 fixes these.
Multiple stored and