|
268181
|
5.4 |
MEDIUM
Network
|
ibm
|
emptoris_sourcing
|
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6114
|
2024-11-21 11:55 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268182
|
6.1 |
MEDIUM
Network
|
ektron
|
ektron_content_management_system
|
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContTy…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6201
|
2024-11-21 11:55 |
2017-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268183
|
6.1 |
MEDIUM
Network
|
bestpractical
|
request_tracker
|
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allow…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6127
|
2024-11-21 11:55 |
2017-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268184
|
7.5 |
HIGH
Network
|
fedoraproject
elog_project
|
fedora
elog
|
elog 3.1.1 allows remote attackers to post data as any username in the logbook.
|
CWE-284
Improper Access Control
|
CVE-2016-6342
|
2024-11-21 11:55 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268185
|
5.3 |
MEDIUM
Network
|
ibm
|
tivoli_monitoring
|
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.
|
CWE-200
Information Exposure
|
CVE-2016-6083
|
2024-11-21 11:55 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268186
|
5.5 |
MEDIUM
Local
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
|
CWE-200
Information Exposure
|
CVE-2016-5893
|
2024-11-21 11:55 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268187
|
8.1 |
HIGH
Network
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
|
CWE-284
Improper Access Control
|
CVE-2016-6098
|
2024-11-21 11:55 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268188
|
9.8 |
CRITICAL
Network
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
|
CWE-255
Credentials Management
|
CVE-2016-6093
|
2024-11-21 11:55 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268189
|
5.5 |
MEDIUM
Local
|
ibm
|
websphere_mq
|
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.
|
CWE-284
Improper Access Control
|
CVE-2016-6089
|
2024-11-21 11:55 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268190
|
9.8 |
CRITICAL
Network
|
ibm
|
domino
|
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.
|
CWE-20
Improper Input Validation
|
CVE-2016-6087
|
2024-11-21 11:55 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
