Lucene search
+L

173 matches found

Cvelist
Cvelist
added 2014/07/01 8:0 p.m.24 views

CVE-2014-3088

stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as...

6.1AI score0.01971EPSS
Exploits1References4
NVD
NVD
added 2014/05/26 11:14 a.m.23 views

CVE-2014-3867

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...

5CVSS5.9AI score0.02049EPSS
Exploits0References3
Prion
Prion
added 2014/05/26 11:14 a.m.23 views

Design/Logic Flaw

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...

5CVSS6.2AI score0.02049EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/05/26 10:0 a.m.28 views

CVE-2014-3867

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different...

5.9AI score0.02049EPSS
Exploits0References3
NVD
NVD
added 2014/05/26 4:29 a.m.17 views

CVE-2014-0906

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a 1 expired or 2 invalidated cookie...

4.3CVSS6.5AI score0.01373EPSS
Exploits0References2
NVD
NVD
added 2014/05/26 4:29 a.m.22 views

CVE-2013-3982

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page...

5CVSS6.1AI score0.13151EPSS
Exploits2References2
NVD
NVD
added 2014/05/26 4:29 a.m.14 views

CVE-2013-3980

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to cause a denial of service room unusability by generating a large number of fictitious users to enter a meeting room...

5CVSS6.4AI score0.01731EPSS
Exploits0References2
NVD
NVD
added 2014/05/26 4:29 a.m.14 views

CVE-2013-3046

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not send the HSTS Strict-Transport-Security header, which makes it easier for man-in-the-middle attackers to hijack sessions or obtain sensitive information by leveraging the presence of HTTP requests...

4.3CVSS5.9AI score0.00415EPSS
Exploits0References2
NVD
NVD
added 2014/05/26 4:29 a.m.18 views

CVE-2013-3981

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors...

5CVSS6.6AI score0.01667EPSS
Exploits0References2
NVD
NVD
added 2014/05/26 4:29 a.m.16 views

CVE-2013-3975

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search...

5CVSS6.4AI score0.13151EPSS
Exploits2References2
NVD
NVD
added 2014/05/26 4:29 a.m.24 views

CVE-2013-3977

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names...

4.3CVSS6.4AI score0.09048EPSS
Exploits2References2
Prion
Prion
added 2014/05/26 4:29 a.m.21 views

Code injection

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a 1 expired or 2 invalidated cookie...

4.3CVSS7AI score0.01373EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/05/26 4:29 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

3.5CVSS5.5AI score0.01402EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/05/26 4:29 a.m.12 views

Design/Logic Flaw

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors...

5CVSS7.1AI score0.01667EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/05/26 4:29 a.m.17 views

Session fixation

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not set the secure flag for an unspecified cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

2.9CVSS6.9AI score0.00674EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/05/26 4:29 a.m.17 views

Design/Logic Flaw

The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names...

4.3CVSS7AI score0.09048EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2014/05/26 1:0 a.m.50 views

CVE-2013-3980

CVE-2013-3980 affects IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability allows remote attackers to cause a denial of service (room unusability) by having a large number of fictitious users enter a meeting room. The available documents do not provide...

5CVSS6.6AI score0.01731EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/05/26 1:0 a.m.53 views

CVE-2013-3981

The CVE-2013-3981 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1). The vulnerability allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. The available documents do not specify the underlying root cause, exploi...

5CVSS6.8AI score0.01667EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/05/26 1:0 a.m.54 views

CVE-2013-3046

The CVE-2013-3046 entry concerns IBM Sametime Meeting Server (versions 8.x up to 8.5.2.1 and 9.x up to 9.0.0.1) failing to send the HSTS Strict-Transport-Security header. The root cause is the absence of HSTS protection, which could allow MITM attackers to hijack sessions or obtain sensitive data...

4.3CVSS6AI score0.00415EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/05/26 1:0 a.m.27 views

CVE-2013-3975

Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search...

6.4AI score0.13151EPSS
Exploits2References2
Rows per page
Query Builder