|
267411
|
5.5 |
MEDIUM
Local
|
lepton_project
|
lepton
|
The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file.
|
CWE-399
Resource Management Errors
|
CVE-2016-6235
|
2024-11-21 11:55 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267412
|
5.5 |
MEDIUM
Local
|
lepton_project
|
lepton
|
The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.
|
CWE-20
Improper Input Validation
|
CVE-2016-6234
|
2024-11-21 11:55 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267413
|
7.2 |
HIGH
Network
|
ibm
|
spectrum_scale
general_parallel_file_system
|
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-6115
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267414
|
6.5 |
MEDIUM
Local
|
ibm
|
tivoli_storage_manager
tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware
|
IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user.
|
CWE-255
Credentials Management
|
CVE-2016-6110
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267415
|
7.5 |
HIGH
Network
|
ibm
|
urbancode_deploy
|
IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties.
|
CWE-200
Information Exposure
|
CVE-2016-6068
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267416
|
3.1 |
LOW
Network
|
ibm
|
forms_experience_builder
|
IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2016-6001
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267417
|
3.7 |
LOW
Network
|
ibm
|
sterling_selling_and_fulfillment_foundation
|
IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error pa…
|
CWE-200
Information Exposure
|
CVE-2016-5953
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267418
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5942
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267419
|
5.7 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitra…
|
CWE-22
Path Traversal
|
CVE-2016-5941
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267420
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5940
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
