|
252591
|
8.1 |
HIGH
Network
|
ibm
|
business_process_manager
|
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sen…
|
CWE-611
XXE
|
CVE-2017-1527
|
2024-11-21 12:22 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252592
|
4.3 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.
|
CWE-20
Improper Input Validation
|
CVE-2017-1555
|
2024-11-21 12:22 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252593
|
6.1 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploi…
|
CWE-20
Improper Input Validation
|
CVE-2017-1551
|
2024-11-21 12:22 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252594
|
6.5 |
MEDIUM
Network
|
ibm
|
api_connect
|
IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. IBM X-Force ID: 13…
|
CWE-20
Improper Input Validation
|
CVE-2017-1556
|
2024-11-21 12:22 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252595
|
3.7 |
LOW
Network
|
ibm
|
db2
db2_connect
|
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
|
CWE-287
Improper Authentication
|
CVE-2017-1520
|
2024-11-21 12:22 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252596
|
5.9 |
MEDIUM
Network
|
ibm
|
db2
db2_connect
|
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.
|
CWE-20
Improper Input Validation
|
CVE-2017-1519
|
2024-11-21 12:22 |
2017-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252597
|
5.4 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1535
|
2024-11-21 12:22 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252598
|
8.8 |
HIGH
Network
|
cs-cart
|
cs-cart_multivendor
cs-cart
|
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) a…
|
CWE-352
Origin Validation Error
|
CVE-2017-2138
|
2024-11-21 12:22 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252599
|
9.8 |
CRITICAL
Network
|
buffalo
|
wapm-1166d_firmware
wapm-apg600h_firmware
|
WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2017-2126
|
2024-11-21 12:22 |
2017-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252600
|
4.8 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2146
|
2024-11-21 12:22 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
