|
266931
|
6.5 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerabil…
|
CWE-200
CWE-20
Information Exposure
Improper Input Validation
|
CVE-2016-2937
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266932
|
7.3 |
HIGH
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors.
|
CWE-255
Credentials Management
|
CVE-2016-2936
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266933
|
5.3 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request.
|
CWE-20
Improper Input Validation
|
CVE-2016-2935
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266934
|
6.1 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-2934
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266935
|
6.8 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
|
CWE-22
Path Traversal
|
CVE-2016-2933
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266936
|
5.3 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
|
CWE-91
Blind XPath Injection
|
CVE-2016-2932
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266937
|
5.3 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
|
CWE-200
Information Exposure
|
CVE-2016-2931
|
2024-11-21 11:49 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266938
|
8.1 |
HIGH
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 does not properly restrict password choices, which makes it easier for remote attackers to obtain access via a brute-force approach.
|
CWE-254
CWE-284
7PK - Security Features
Improper Access Control
|
CVE-2016-2929
|
2024-11-21 11:49 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266939
|
4.3 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2016-2928
|
2024-11-21 11:49 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266940
|
5.9 |
MEDIUM
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control before 9.1.3 does not properly restrict the set of available encryption algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms …
|
CWE-200
Information Exposure
|
CVE-2016-2927
|
2024-11-21 11:49 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
