4423 matches found
CVE-2016-0241
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP...
CVE-2016-0239
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors...
CVE-2016-0241
CVE-2016-0241 affects IBM Security Guardium Database Activity Monitor. Affected versions: 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100. Root cause: flaw in HTTP login request handling allowing remote authenticated users to spoof administrator accounts. Impact: u...
CVE-2016-0239
CVE-2016-0239 affects IBM Security Guardium Database Activity Monitor (versions 9.0, 9.1, 9.5 before p700; 10.0, 10.0.1 before p100). A remote authenticated attacker can issue an HTTP request with administrator privileges due to an improper authorization vulnerability. IBM’s bulletin lists remedi...
CVE-2003-0587
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie...
CVE-2016-0204
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
CVE-2016-4407
The CVE-2016-4407 issue concerns the SAP SAPCRYPTOLIB library, where the DSA algorithm implementation (version 5.555.38) fails to properly check signatures. This vulnerability allows remote authenticated users to impersonate arbitrary users via unspecified vectors, as described in SAP Security No...
Cross-Site Request Forgery Vulnerability in Multiple Pivotal Products
Pivotal Cloud Foundry (PCF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment, etc. PCF Elastic Runtime is one of the runtime environments, and PCF Ops Manager is one ...
CVE-2016-6427
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654...
Code injection
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872...
CVE-2016-5983
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object...
CVE-2016-5892
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.52, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-6645
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3)...
CVE-2016-8277
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter...
CVE-2015-8086
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC5...
Directory traversal
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors...
Information disclosure
Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC5...
CVE-2016-8280
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors...
CVE-2015-8085
The CVE-2015-8085 entry concerns Huawei AR routers and several Quidway/S5300/S5700 series devices where passwords could be obtained or decrypted due to the use of a reversible encryption algorithm. Affected software versions include Huawei AR routers pre-V200R007C00SPC100 and the listed Quidway/S...
CVE-2015-8086
The CVE-2015-8086 issue affects Huawei AR routers and several Quidway/S-series devices: AR routers with software before V200R007C00SPC100; S9300 before V200R009C00; S12700 before V200R008C00SPC500; S9300/S5300/S5300 before V200R007C00; and S5700 before V200R007C00SPC500. Root cause: information d...