|
264531
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
|
CWE-89
SQL Injection
|
CVE-2016-8929
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264532
|
7.6 |
HIGH
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the…
|
CWE-89
SQL Injection
|
CVE-2016-8928
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264533
|
7.5 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
|
CWE-399
Resource Management Errors
|
CVE-2016-8919
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264534
|
5.5 |
MEDIUM
Local
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear text which can be read by a local user.
|
CWE-255
Credentials Management
|
CVE-2016-8967
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264535
|
5.5 |
MEDIUM
Local
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.
|
CWE-200
Information Exposure
|
CVE-2016-8981
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264536
|
8.1 |
HIGH
Network
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to ex…
|
CWE-611
XXE
|
CVE-2016-8980
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264537
|
5.9 |
MEDIUM
Network
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerab…
|
CWE-200
Information Exposure
|
CVE-2016-8966
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264538
|
6.1 |
MEDIUM
Network
|
ibm
|
license_metric_tool
bigfix_inventory
|
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could…
|
CWE-601
Open Redirect
|
CVE-2016-8961
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264539
|
5.4 |
MEDIUM
Network
|
ibm
|
spectrum_control
tivoli_storage_productivity_center
|
IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8943
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264540
|
3.1 |
LOW
Network
|
ibm
|
spectrum_control
tivoli_storage_productivity_center
|
IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server.
|
CWE-284
Improper Access Control
|
CVE-2016-8942
|
2024-11-21 12:00 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
