|
265611
|
6.1 |
MEDIUM
Network
|
bestpractical
|
request_tracker
|
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allow…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6127
|
2024-11-21 11:55 |
2017-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265612
|
7.5 |
HIGH
Network
|
fedoraproject
elog_project
|
fedora
elog
|
elog 3.1.1 allows remote attackers to post data as any username in the logbook.
|
CWE-284
Improper Access Control
|
CVE-2016-6342
|
2024-11-21 11:55 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265613
|
5.3 |
MEDIUM
Network
|
ibm
|
tivoli_monitoring
|
IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.
|
CWE-200
Information Exposure
|
CVE-2016-6083
|
2024-11-21 11:55 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265614
|
5.5 |
MEDIUM
Local
|
ibm
|
sterling_b2b_integrator
|
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.
|
CWE-200
Information Exposure
|
CVE-2016-5893
|
2024-11-21 11:55 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265615
|
8.1 |
HIGH
Network
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
|
CWE-284
Improper Access Control
|
CVE-2016-6098
|
2024-11-21 11:55 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265616
|
9.8 |
CRITICAL
Network
|
ibm
|
tivoli_key_lifecycle_manager
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
|
CWE-255
Credentials Management
|
CVE-2016-6093
|
2024-11-21 11:55 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265617
|
5.5 |
MEDIUM
Local
|
ibm
|
websphere_mq
|
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.
|
CWE-284
Improper Access Control
|
CVE-2016-6089
|
2024-11-21 11:55 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265618
|
9.8 |
CRITICAL
Network
|
ibm
|
domino
|
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918.
|
CWE-20
Improper Input Validation
|
CVE-2016-6087
|
2024-11-21 11:55 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265619
|
5.5 |
MEDIUM
Local
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 116171.
|
CWE-200
Information Exposure
|
CVE-2016-5960
|
2024-11-21 11:55 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265620
|
5.3 |
MEDIUM
Network
|
ibm
|
security_privileged_identity_manager
|
IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via se…
|
CWE-200
Information Exposure
|
CVE-2016-5959
|
2024-11-21 11:55 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
