|
270081
|
3.3 |
LOW
Local
|
ibm
|
kenexa_lms
|
IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system.
|
CWE-200
Information Exposure
|
CVE-2016-5938
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270082
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
|
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5881
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270083
|
5.3 |
MEDIUM
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
|
CWE-200
Information Exposure
|
CVE-2016-6117
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270084
|
8.2 |
HIGH
Network
|
ibm
|
security_key_lifecycle_manager
|
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
|
CWE-284
Improper Access Control
|
CVE-2016-6105
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270085
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc…
|
CWE-22
Path Traversal
|
CVE-2016-6126
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270086
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6125
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270087
|
8.8 |
HIGH
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-6124
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270088
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6123
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270089
|
4.3 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
|
CWE-200
Information Exposure
|
CVE-2016-6122
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270090
|
6.1 |
MEDIUM
Network
|
ibm
|
inotes
domino
|
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6113
|
2024-11-21 11:55 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
