|
264521
|
6.1 |
MEDIUM
Network
|
ibm
|
infosphere_information_server_on_cloud
infosphere_datastage
|
IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to nav…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9000
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264522
|
5.4 |
MEDIUM
Network
|
ibm
|
infosphere_information_server
infosphere_information_server_on_cloud
infosphere_datastage
|
IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious C…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8999
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264523
|
5.3 |
MEDIUM
Network
|
ibm
|
infosphere_datastage
|
IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer hea…
|
CWE-200
Information Exposure
|
CVE-2016-8982
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264524
|
5.3 |
MEDIUM
Network
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system.
|
CWE-200
Information Exposure
|
CVE-2016-8977
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264525
|
5.5 |
MEDIUM
Local
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.
|
CWE-200
Information Exposure
|
CVE-2016-8963
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264526
|
10.0 |
CRITICAL
Network
|
ibm
|
urbancode_deploy
|
IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host cu…
|
CWE-284
Improper Access Control
|
CVE-2016-8938
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264527
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra…
|
CWE-22
Path Traversal
|
CVE-2016-8933
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264528
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
CWE-284
Improper Access Control
|
CVE-2016-8932
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264529
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
CWE-284
Improper Access Control
|
CVE-2016-8931
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264530
|
7.6 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
|
CWE-89
SQL Injection
|
CVE-2016-8930
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
