662 matches found
Lotus Sametime 8.5.1 - Password Disclosure
Exploit Title: Post Exploitation - Getting username and password in the Lotus Sametime 8.5.1 Google Dork: n/a Date: 18/02/2014 Exploit Author: Adriano Marcio Monteiro Vendor Homepage: http://www.ibm.com/us/en/ Software Link: http://www-01.ibm.com/support/docview.wss?uid=swg24027054 Version: 8.5.1...
CVE-2013-3988
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
CVE-2013-3978
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...
CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2013-6743
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element...
CVE-2013-3983
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors...
Code injection
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
Design/Logic Flaw
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...
[SECURITY] Fedora 19 Update: pidgin-2.10.9-1.fc19
Pidgin allows you to talk to anyone using a variety of messaging protocols including AIM, MSN, Yahoo!, Jabber, Bonjour, Gadu-Gadu, ICQ, IRC, Novell Groupwise, QQ, Lotus Sametime, SILC, Simple and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just...
CVE-2013-3983
The CVE-2013-3983 entry concerns IBM Sametime Meeting Server where the Meeting Server versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1 do not validate URLs in Cookie headers before using them in redirects. This is the stated root cause. The impact is described as unspecified and the documents do not provid...
CVE-2013-6742
The CVE-2013-6742 entry concerns IBM Sametime Meeting Server (versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1). The issue is that the password field does not disable autocomplete, which could allow an attacker with access to an unattended workstation to obtain credentials. No exploitation details, specifi...
CVE-2013-3983
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not validate URLs in Cookie headers before using them in redirects, which has unspecified impact and remote attack vectors...
CVE-2013-6743
The CVE-2013-6743 issue affects IBM Sametime Meeting Server, specifically version ranges 8.5.2–8.5.2.1 and 9.x–9.0.0.1. It is a Cross-site Scripting (XSS) vulnerability where remote authenticated users can inject arbitrary web script/HTML via IMG element vectors. The underlying root cause is not ...
CVE-2013-3978
The CVE concerns IBM Sametime Meeting Server versions 8.5.2.x and 9.x (up to 9.0.0.1). The issue is that the Meeting Server does not send proper HTTP cache-control headers, allowing an attacker with access to an unattended workstation to view cached sensitive information. The description does not...
CVE-2013-6742
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation...
CVE-2013-3978
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation...
CVE-2013-3988
Summary: The IBM Sametime Meeting Server is reported vulnerable to clickjacking for versions 8.5.2–8.5.2.1 and 9.x–9.0.0.1. The issue is described as a remote-clickjacking risk with vectors unspecified. The cited CVSS v2 base score is 6.8 (Network, Low attack complexity, no authentication; partia...