19 matches found
EUVD-2015-0169
Malware in sbrugna...
EUVD-2015-0154
Malware in sbrugna...
EUVD-2015-0165
Malware in sbrugna...
EUVD-2015-0153
Malware in sbrugna...
EUVD-2015-0164
Malware in sbrugna...
IBM Leads Cross-Site Request Forgery Vulnerability (CNVD-2015-04110)
IBM Leads is a solution from IBM USA for improving the customer management process. The program provides functions such as finding prospects, assigning customers and sending notifications of new customer information. A security vulnerability exists in IBM Leads that stems from the program's failu...
CVE-2015-0131
Cross-site scripting XSS vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...
CVE-2015-0127
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted...
CVE-2015-0116
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the addition of links, which makes it easier for remote authenticated users to conduct cross-site request...
CVE-2015-0115
Cross-site request forgery CSRF vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts...
Design/Logic Flaw
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension...
CVE-2015-0131
CVE-2015-0131 describes a Cross-site scripting (XSS) vulnerability in IBM Leads across multiple versions (7.x; 8.1.0 prior to 8.1.0.14; 8.2; 8.5.0 prior to 8.5.0.7.3; 8.6.0 prior to 8.6.0.8.1; 9.0.0 through 9.0.0.4; 9.1.0 prior to 9.1.0.6.1; 9.1.1 before 9.1.1.0.2) that allows remote authenticate...
CVE-2015-0131
Cross-site scripting XSS vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...
CVE-2015-0115
CVE-2015-0115 is a CSRF vulnerability in IBM Leads affecting multiple versions (7.x; 8.1.0 before 8.1.0.14; 8.2; 8.5.0 before 8.5.0.7.3; 8.6.0 before 8.6.0.8.1; 9.0.0 through 9.0.0.4; 9.1.0 before 9.1.0.6.1; 9.1.1 before 9.1.1.0.2) that allows remote authenticated users to hijack the authenticati...
CVE-2015-0127
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted...
CVE-2015-0115
Cross-site request forgery CSRF vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to hijack the authentication of customer accounts...
CVE-2015-0116
CVE-2015-0116 affects IBM Leads versions including 7.x, 8.1.0 up to 8.1.0.14, 8.2, 8.5.0 up to 8.5.0.7.3, 8.6.0 up to 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 up to 9.1.0.6.1, and 9.1.1 up to 9.1.1.0.2. The issue is a CSRF risk caused by improper restriction of link additions, enabling remote auth...