4423 matches found
CVE-2016-2863
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2016-3989
The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root...
CVE-2016-2968
IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors...
CVE-2016-2870
Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors...
CVE-2016-0374
The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors...
Command injection
JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors...
CVE-2016-3650
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack...
CVE-2016-3648
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to bypass the Authentication Lock protection mechanism, and conduct brute-force password-guessing attacks against management-console accounts, by entering data into the authorization window...
Directory traversal
Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to read arbitrary files in the web-root directory tree via unspecified vectors...
Default credentials
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack...
cfme: Privilege escalation causing arbitrary code execution
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code...
CVE-2016-0298
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL...
Directory traversal
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL...
CVE-2016-0233
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2016-1189
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors...
Code injection
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors...
CVE-2016-1189
CVE-2016-1189 affects Cybozu Garoon 3.x and 4.x up to but not including 4.2.1, where remote authenticated users can bypass access restrictions on Portlets (read/create/modify) via unspecified vectors. The connected sources corroborate a portlet access restriction bypass vulnerability in Garoon’s ...
CVE-2016-1188
CVE-2016-1188 affects Cybozu Garoon 3.x to 4.2.x before 4.2.1. It is described in the connected JVN as an operation restriction bypass in the mail function, enabling remote authenticated users to send spoofed e‑mail messages via unspecified vectors. Affected versions include Cybozu Garoon 3.0–4.2...
SQL injection
SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549...