CERT Advisories

VU#112412: Bizagi BPM Suite contains multiple vulnerabilities

Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability.

VU#239151: Microsoft Internet Explorer 8 CMarkup use-after-free vulnerability

Microsoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#480428: Juniper ScreenOS is vulnerable to a denial of service from...

Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets.

VU#902790: Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Fortinet Fortiweb prior to version 5.2.0 does not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352)

VU#693092: Caldera 9.20 contains multiple vulnerabilities

Caldera 9.20, and possibly earlier versions, contains multiple vulnerabilities.

VU#673313: Google Search Appliance dynamic navigation cross-site scripting vulnerability

Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled.

VU#489228: Ignite Realtime Smack XMPP API contains multiple vulnerabilities

Ignite Realtime's Smack XMPP API ServerTrustManager trusts unauthorized SSL certificates (CWE-358), and IQ requests do not verify the from attribute, allowing anyone to spoof IQ responses. (CWE-345)

VU#222929: Microsoft Internet Explorer CMarkup use-after-free vulnerability

Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#719225: Apache Struts2 ClassLoader allows access to class properties via request...

Apache Struts2 2.3.16.1 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameters.

VU#118748: POCO C++ Libraries NetSSL library fails to properly validate wildcard...

The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate.

VU#350089: IBM Notes and Domino on x86 Linux specify an executable...

IBM Notes and Domino on x86 Linux are incorrectly built requesting an executable stack. This can make it easier for attackers to exploit vulnerabilities in Notes, Domino, and any of the child processes that they may spawn.

VU#622950: Toshiba Global Commerce Solutions’ 4690 Point of Sale operating system...

Toshiba Global Commerce Solutions' 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328)