CVE-2016-5946

CVE-2016-5946 affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center). A directory traversal vulnerability allows remote authenticated users to read arbitrary files via a URL containing ".." (dot dot). Affected versions are Spectrum Control 5.2.8 through 5.2.10.1 and Tivoli Sto...

CVE-2016-5944

CVE-2016-5944 is an XSS in the Web UI of IBM Spectrum Control (formerly Tivoli Storage Productivity Center). Connected sources confirm the vulnerability in version 5.2.x prior to 5.2.11, where an authenticated user could inject arbitrary JavaScript/HTML via an embedded string. Affected versions i...

CVE-2016-5943

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to bypass intended access restrictions, and read task details or edit properties, via unspecified vectors...

CVE-2016-5946

Directory traversal vulnerability in IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to read arbitrary files via a .. dot dot in a URL...

CVE-2016-5943

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 contains an access-control flaw that lets an authenticated user bypass restrictions and read task details or edit properties. Affected are IBM Spectrum Control versions 5.2.8–5.2.10.1 and Tivoli Storage Product...

CVE-2016-5945

IBM Spectrum Control formerly Tivoli Storage Productivity Center 5.2.x before 5.2.11 allows remote authenticated users to upload non-executable files via a crafted HTTP request...

IBM Spectrum Control and IBM Storage Insights Catalog Traversal Vulnerability

IBM Spectrum Control and IBM Storage Insights are both storage resource management software from IBM USA. A directory traversal vulnerability exists in IBM Spectrum Control versions 5.2.8 through 5.2.10.1 and IBM Storage Insights. An attacker can exploit this vulnerability by sending a URL reques...

IBM Spectrum Control and IBM Storage Insights Cross-Site Scripting Vulnerabilities

IBM Spectrum Control and IBM Storage Insights are both storage resource management software from IBM USA. A cross-site scripting vulnerability exists in IBM Spectrum Control versions 5.2.8 through 5.2.10.1 and IBM Storage Insights. An attacker can exploit this vulnerability to inject arbitrary...

IBM Spectrum Control and IBM Storage Insights Clickjacking Vulnerability

IBM Spectrum Control and IBM Storage Insights are both storage resource management software from IBM USA. A clickjacking vulnerability exists in IBM Spectrum Control versions 5.2.8 through 5.2.10.1 and IBM Storage Insights. A remote attacker could exploit this vulnerability by convincing a user t...

IBM Spectrum Control and IBM Storage Insights Arbitrary File Upload Vulnerability

IBM Spectrum Control and IBM Storage Insights are both storage resource management software from IBM USA. An arbitrary file upload vulnerability exists in IBM Spectrum Control versions 5.2.8 through 5.2.10.1 and IBM Storage Insights. An attacker could exploit this vulnerability by sending a...

IBM Spectrum Control and IBM Storage Insights Security Bypass Vulnerabilities

IBM Spectrum Control and IBM Storage Insights are both storage resource management software from IBM USA. A security bypass vulnerability exists in IBM Spectrum Control versions 5.2.8 through 5.2.10.1 and IBM Storage Insights. An attacker could exploit the vulnerability to edit restricted propert...

Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability

Description Apache Struts is prone to a remote code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Apache Struts 1.0 through...