|
272191
|
- |
|
ibm
|
websphere_application_server
|
The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack s…
|
CWE-284
Improper Access Control
|
CVE-2015-1936
|
2024-11-21 11:26 |
2015-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272192
|
- |
|
ibm
|
websphere_application_server
|
The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServ…
|
CWE-284
Improper Access Control
|
CVE-2015-1927
|
2024-11-21 11:26 |
2015-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272193
|
- |
|
ibm
|
websphere_portal
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1944
|
2024-11-21 11:26 |
2015-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272194
|
- |
|
ibm
|
websphere_portal
|
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 be…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1917
|
2024-11-21 11:26 |
2015-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272195
|
- |
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted r…
|
CWE-200
Information Exposure
|
CVE-2015-1887
|
2024-11-21 11:26 |
2015-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272196
|
- |
|
ibm
|
business_process_manager
|
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated us…
|
CWE-284
Improper Access Control
|
CVE-2015-1961
|
2024-11-21 11:26 |
2015-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272197
|
6.5 |
MEDIUM
Network
|
oracle
openssl
|
supply_chain_products_suite
jd_edwards_enterpriseone_tools
openssl
opus_10g_ethernet_switch_family
|
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative …
|
CWE-254
7PK - Security Features
|
CVE-2015-1793
|
2024-11-21 11:26 |
2015-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272198
|
- |
|
shibboleth
|
identity_provider
opensaml_java
|
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID,…
|
CWE-254
7PK - Security Features
|
CVE-2015-1796
|
2024-11-21 11:26 |
2015-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272199
|
- |
|
hp
|
hp-ux
|
Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-2126
|
2024-11-21 11:26 |
2015-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272200
|
- |
|
ibm
|
tivoli_federated_identity_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for …
|
CWE-79
Cross-site Scripting
|
CVE-2015-1966
|
2024-11-21 11:26 |
2015-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
