|
278191
|
- |
|
ibm
|
security_qradar_incident_forensics
|
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for req…
|
CWE-352
Origin Validation Error
|
CVE-2015-1997
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278192
|
- |
|
ibm
|
security_qradar_incident_forensics
|
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information …
|
CWE-200
Information Exposure
|
CVE-2015-1996
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278193
|
- |
|
ibm
|
security_qradar_incident_forensics
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted UR…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1995
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278194
|
- |
|
ibm
|
security_qradar_incident_forensics
|
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtai…
|
CWE-200
Information Exposure
|
CVE-2015-1994
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278195
|
- |
|
ibm
|
security_qradar_incident_forensics
|
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these…
|
NVD-CWE-Other
|
CVE-2015-1993
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278196
|
- |
|
ibm
|
security_qradar_incident_forensics
|
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2015-1989
|
2024-11-21 11:26 |
2015-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278197
|
- |
|
apache
|
ambari
|
Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured servic…
|
NVD-CWE-Other
|
CVE-2015-1775
|
2024-11-21 11:26 |
2015-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278198
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unkno…
|
NVD-CWE-noinfo
|
CVE-2015-1829
|
2024-11-21 11:26 |
2015-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278199
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1814
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278200
|
- |
|
jenkins
redhat
|
jenkins
openshift
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabili…
|
CWE-79
Cross-site Scripting
|
CVE-2015-1813
|
2024-11-21 11:26 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
