CERT Advisories

VU#124908: Dell ML6000 and Quantum Scalar i500 tape backup system command...

Dell ML6000 and Quantum Scalar i500 tape backup systems contain a command injection vulnerability.

VU#537684: Alfresco Enterprise contains multiple cross-site scripting vulnerabilities

Alfresco Enterprise 4.1.6 and possibly earlier versions are vulnerable to multiple cross-site scripting (XSS) vulnerabilities.

VU#112412: Bizagi BPM Suite contains multiple vulnerabilities

Bizagi BPM Suite contains a reflected cross-site scripting vulnerability and a SQL injection vulnerability.

VU#239151: Microsoft Internet Explorer 8 CMarkup use-after-free vulnerability

Microsoft Internet Explorer 8 contains a use-after-free vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#480428: Juniper ScreenOS is vulnerable to a denial of service from...

Juniper ScreenOS 6.3, and possibly earlier versions, is vulnerable to a denial of service from malformed SSL packets.

VU#902790: Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Fortinet Fortiweb versions prior to 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery (CSRF) vulnerability. (CWE-352)

VU#693092: Caldera 9.20 contains multiple vulnerabilities

Caldera 9.20, and possibly earlier versions, contains multiple vulnerabilities.

VU#673313: Google Search Appliance dynamic navigation cross-site scripting vulnerability

Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled.

VU#489228: Ignite Realtime Smack XMPP API contains multiple vulnerabilities

Ignite Realtime's Smack XMPP API ServerTrustManager trusts unauthorized SSL certificates (CWE-358), and IQ requests do not verify the from attribute, allowing anyone to spoof IQ responses. (CWE-345)
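The second half of that advisory is the point a client author most often gets wrong: pairing an IQ result with its request by id alone lets any entity on the network that can guess or observe the id answer a request it was never sent. The following is an added illustration, not Smack's code, of the check in a client-side IQ router: a response is accepted only if its from attribute is the entity the request was addressed to. It assumes RFC 6120 semantics for a missing from (a stanza the client receives without from comes from the user's own account on its server); the IQ class, IQRouter, the JIDs and the stanza ids are constructed for the example.

```python
# Added example (not Smack's code): pairing IQ responses with outstanding
# requests by id *and* sender, so that a third party cannot answer an IQ it
# never received. Assumes RFC 6120 semantics: a stanza a client receives with
# no 'from' attribute is from the user's own account on its server.
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class IQ:
    id: str
    type: str                   # "get" / "set" are requests, "result" / "error" are responses
    to: Optional[str] = None
    frm: Optional[str] = None   # the stanza's 'from' attribute ('from' is a Python keyword)


def bare_jid(jid: str) -> str:
    """Strip the resource part: alice@example.com/laptop -> alice@example.com"""
    return jid.split("/", 1)[0]


class IQRouter:
    def __init__(self, my_jid: str) -> None:
        self.my_jid = my_jid                        # constructed: alice@example.com/laptop
        self.my_domain = bare_jid(my_jid).split("@", 1)[1]
        self.pending: Dict[str, IQ] = {}            # id -> outstanding request

    def send(self, req: IQ) -> None:
        if req.type not in ("get", "set"):
            raise ValueError("only get/set IQs are requests")
        self.pending[req.id] = req

    def accept_naive(self, resp: IQ) -> bool:
        """Match on id only: the behaviour the advisory describes."""
        return resp.type in ("result", "error") and resp.id in self.pending

    def _allowed_senders(self, req: IQ) -> Set[Optional[str]]:
        # A request with no 'to', or addressed to our own account or server, is
        # answered by our server, which may omit 'from' or use our bare JID or its domain.
        if req.to in (None, bare_jid(self.my_jid), self.my_domain):
            return {None, bare_jid(self.my_jid), self.my_domain}
        return {req.to}

    def accept_strict(self, resp: IQ) -> bool:
        """Accept only a result/error whose 'from' is the entity the request went to."""
        req = self.pending.get(resp.id)
        if req is None or resp.type not in ("result", "error"):
            return False
        if resp.frm not in self._allowed_senders(req):
            return False
        del self.pending[resp.id]                   # one response per request
        return True


if __name__ == "__main__":
    router = IQRouter("alice@example.com/laptop")
    router.send(IQ(id="disco1", type="get", to="bob@example.com/phone"))
    spoof = IQ(id="disco1", type="result", frm="mallory@evil.example")
    print("naive accepts spoof:", router.accept_naive(spoof))
    print("strict accepts spoof:", router.accept_strict(spoof))
```

The strict path also consumes the pending entry, so a second (possibly spoofed) answer carrying the same id is rejected rather than re-delivered to the application.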

VU#222929: Microsoft Internet Explorer CMarkup use-after-free vulnerability

Microsoft Internet Explorer contains a use-after-free vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

VU#719225: Apache Struts2 ClassLoader allows access to class properties via request...

Apache Struts2 2.3.16.1 and earlier contain a vulnerability where the ClassLoader allows access to class properties via request parameters.

VU#118748: POCO C++ Libraries NetSSL library fails to properly validate wildcard...

The POCO C++ Libraries NetSSL library fails to properly validate wildcard certificates, allowing an attacker to trick the victim application into trusting a malicious certificate.
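What "properly validate wildcard certificates" means in practice is the set of rules in RFC 6125 section 6.4.3: the wildcard may only be the whole left-most label, it matches exactly one label (never across a dot), and names such as a bare "*" or "*.com" must not be honoured. The block below is an added example, not POCO's code, showing a glob-style matcher of the permissive kind beside one that follows those rules, plus the SAN-before-CN lookup a client should do. The certificate dicts and hostnames are constructed samples.

```python
# Added example (not POCO's code): hostname matching for a server certificate,
# a permissive glob-style matcher beside one that follows RFC 6125 section 6.4.3.
# The certificate dicts and hostnames are constructed samples.
import fnmatch
from typing import Dict, List


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; a trailing dot is the root label
    return name.lower().rstrip(".")


def match_naive(cert_name: str, host: str) -> bool:
    """Glob-style matching: '*' spans dots, so '*.com' or a bare '*' matches anything."""
    return fnmatch.fnmatchcase(_normalize(host), _normalize(cert_name))


def match_rfc6125(cert_name: str, host: str) -> bool:
    """'*' may only be the entire left-most label, matches exactly one label,
    and at least two literal labels must follow it ('*.com' is rejected)."""
    cert_name, host = _normalize(cert_name), _normalize(host)
    if "*" not in cert_name:
        return cert_name == host
    cert_labels = cert_name.split(".")
    host_labels = host.split(".")
    if cert_labels[0] != "*" or any("*" in lbl for lbl in cert_labels[1:]):
        return False            # partial wildcards (w*w) and wildcards in other labels
    if len(cert_labels) < 3:
        return False            # bare "*" and "*.com"
    if len(host_labels) != len(cert_labels):
        return False            # "*.example.com" must not cover a.b.example.com
    return host_labels[1:] == cert_labels[1:]


def hostname_matches_cert(cert: Dict[str, object], host: str, strict: bool = True) -> bool:
    """Check SubjectAltName dNSNames; fall back to the CN only when the cert has none."""
    matcher = match_rfc6125 if strict else match_naive
    names: List[str] = [str(n) for n in cert.get("san_dns", [])]  # type: ignore[union-attr]
    if not names and cert.get("cn"):
        names = [str(cert["cn"])]
    return any(matcher(n, host) for n in names)


# Constructed sample certificates (name fields only; not real certificates)
WILDCARD_CERT = {"cn": "*.example.com", "san_dns": ["*.example.com", "example.com"]}
STAR_ONLY_CERT = {"cn": "*", "san_dns": []}   # a certificate whose only name is "*"

if __name__ == "__main__":
    for host in ("www.example.com", "a.b.example.com", "bank.example.org"):
        print(host,
              "glob:", hostname_matches_cert(STAR_ONLY_CERT, host, strict=False),
              "rfc6125:", hostname_matches_cert(STAR_ONLY_CERT, host))
```

The strict matcher still does not consult a public-suffix list, so a certificate for "*.co.uk" would pass it; whether to reject such names is a policy decision for the client, which is why browsers layer a suffix check on top of these rules.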