
4423 matches found

CNVD
added 2016/09/28 12:0 a.m. · 1 view

AlienVault Unified Security Management Remote Authentication Bypass Vulnerability

AlienVault Unified Security Management (USM) is a security management platform from AlienVault, Inc. that provides security monitoring, security event management and reporting, and threat awareness systems. A remote authentication bypass vulnerability exists in AlienVault Unified Security Managemen...

7.1 AI score
Exploits: 0 · References: 1
OSV
added 2016/09/27 3:59 p.m. · 2 views

DEBIAN-CVE-2016-7498

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression...

6.5 CVSS · 6.6 AI score · 0.02336 EPSS
Exploits: 0 · References: 1
CVE
added 2016/09/26 2:0 p.m. · 89 views

CVE-2016-5406

The CVE-2016-5406 issue affects Red Hat JBoss Enterprise Application Platform (EAP) 7.x prior to 7.0.2, where the domain controller fails to propagate administrative RBAC configuration to all slave instances. This misconfig leads to privilege escalation potential for remote authenticated users, s...

8.8 CVSS · 8.4 AI score · 0.029 EPSS
Exploits: 0 · References: 9 · Affected Software: 1
NVD
added 2016/09/26 4:59 a.m. · 13 views

CVE-2016-5972

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...

6.8 CVSS · 6 AI score · 0.00756 EPSS
Exploits: 0 · References: 2
NVD
added 2016/09/26 4:59 a.m. · 18 views

CVE-2016-5971

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference,...

7.1 CVSS · 6.6 AI score · 0.011 EPSS
Exploits: 0 · References: 2
OSV
added 2016/09/26 4:59 a.m. · 2 views

CVE-2016-5947

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site...

5.7 CVSS · 5.8 AI score · 0.0085 EPSS
Exploits: 0 · References: 3
OSV
added 2016/09/26 4:59 a.m. · 3 views

CVE-2016-5945

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 3
OSV
added 2016/09/26 4:59 a.m. · 2 views

CVE-2016-3007

Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users...

8.8 CVSS · 5.9 AI score · 0.00629 EPSS
Exploits: 0 · References: 3
CVE
added 2016/09/26 1:0 a.m. · 37 views

CVE-2016-5972

CVE-2016-5972 affects IBM Security Privileged Identity Manager Virtual Appliance 2.0.x prior to 2.0.2 FP8, where permissions on a security‑critical resource are configured so that read/modify access can be obtained by unintended actors. Root cause: weak permissions on the resource. Impact per sou...

6.8 CVSS · 6.3 AI score · 0.00756 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2016/09/26 1:0 a.m. · 19 views

CVE-2016-5972

IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak permissions for unspecified resources, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...

5.9 AI score · 0.00756 EPSS
Exploits: 0 · References: 2
NVD
added 2016/09/22 10:59 p.m. · 19 views

CVE-2016-6373

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541...

9 CVSS · 7.2 AI score · 0.02414 EPSS
Exploits: 0 · References: 3
OSV
added 2016/09/21 2:25 p.m. · 4 views

DEBIAN-CVE-2016-6801

Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the...

8.8 CVSS · 7.3 AI score · 0.02293 EPSS
Exploits: 0 · References: 1
OSV
added 2016/09/21 2:25 p.m. · 1 view

CVE-2016-4968

The linkreport/tmp/adminglobal page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to discover administrator cookies via a GET request...

6.5 CVSS · 5.8 AI score · 0.02681 EPSS
Exploits: 0 · References: 4
OSV
added 2016/09/21 2:25 p.m. · 3 views

CVE-2016-4967

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to obtain sensitive information from (1) a backup of the device configuration via script/cfgshow.php or (2) PCAP files via script/system/tcpdump.php...

6.5 CVSS · 5.8 AI score · 0.02726 EPSS
Exploits: 0 · References: 4
NVD
added 2016/09/21 2:25 p.m. · 12 views

CVE-2016-4965

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...

9 CVSS · 8.8 AI score · 0.04115 EPSS
Exploits: 0 · References: 4
OSV
added 2016/09/21 2:25 p.m. · 3 views

CVE-2016-4965

Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users with access to the nslookup functionality to execute arbitrary commands with root privileges via the graph parameter to diagnosiscontrol.php...

8.8 CVSS · 6 AI score · 0.04115 EPSS
Exploits: 0 · References: 4
CVE
added 2016/09/21 2:0 p.m. · 50 views

CVE-2016-4967

Fortinet FortiWAN (AscernLink) before 4.2.5 is affected by CVE-2016-4967: an authenticated non-admin user can disclose sensitive data by accessing /script/cfg_show.php to grab a device configuration backup or /script/system/tcpdump.php to obtain a PCAP. The issue is confirmed across multiple sour...

6.5 CVSS · 6.9 AI score · 0.02726 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Zero Day Initiative
added 2016/09/19 12:0 a.m. · 24 views

AlienVault Unified Security Management Remote Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of AlienVault Unified Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the logcheck function in session.inc. By providing a...

10 CVSS · 7.8 AI score
Exploits: 0 · References: 1
Prion
added 2016/09/18 2:59 a.m. · 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS · 5.6 AI score · 0.00724 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2016/09/13 12:0 a.m. · 7 views

PT-2016-5513 · Oracle +6 · Mysql Server +5

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.5.51 and earlier; Oracle MySQL versions 5.6.32 and earlier; Oracle MySQL versions 5.7.14 and earlier. Description: The issue allows remote authenticated users to affect availability via vectors related to Server: Optimize...

10 CVSS · 6.9 AI score · 0.6773 EPSS
Exploits: 106 · References: 650