|
266211
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8920
|
2024-11-21 12:00 |
2017-02-2 |
|
|
|
|
266212
|
5.9 |
MEDIUM
Network
|
ibm
|
integration_bus
|
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
|
CWE-255
Credentials Management
|
CVE-2016-8918
|
2024-11-21 12:00 |
2017-02-2 |
|
|
|
|
266213
|
6.5 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequenc…
|
CWE-22
Path Traversal
|
CVE-2016-8913
|
2024-11-21 12:00 |
2017-02-2 |
|
|
|
|
266214
|
4.3 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in log files that could be read by an authenticated user.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2016-8912
|
2024-11-21 12:00 |
2017-02-2 |
|
|
|
|
266215
|
5.4 |
MEDIUM
Network
|
ibm
|
kenexa_lms_on_cloud
|
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could…
|
CWE-254
7PK - Security Features
|
CVE-2016-8911
|
2024-11-21 12:00 |
2017-02-2 |
|
|
|
|
266216
|
8.6 |
HIGH
Network
|
cisco
|
asa_cx_context-aware_security_software
|
A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an unauthenticated, remote attacker to cause the CX m…
|
CWE-399
Resource Management Errors
|
CVE-2016-9225
|
2024-11-21 12:00 |
2017-02-2 |
|
|
|
|
266217
|
5.4 |
MEDIUM
Network
|
tenable
|
nessus
|
Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files.
|
CWE-79
Cross-site Scripting
|
CVE-2016-9260
|
2024-11-21 12:00 |
2017-02-1 |
|
|
|
|
266218
|
5.5 |
MEDIUM
Local
|
joyent
|
smartos
|
An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An at…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-9039
|
2024-11-21 12:00 |
2017-02-1 |
|
|
|
|
266219
|
7.5 |
HIGH
Network
|
f5
|
big-ip_local_traffic_manager big-ip_application_acceleration_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_access_policy_manager big-ip_application_security_manager…
|
An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).
|
CWE-20
Improper Input Validation
|
CVE-2016-9249
|
2024-11-21 12:00 |
2017-02-1 |
|
|
|
|
266220
|
9.8 |
CRITICAL
Network
|
botan_project
|
botan
|
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect an…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-9132
|
2024-11-21 12:00 |
2017-01-31 |
|
|
|