|
269821
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_team_concert
rational_quality_manager
|
IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6035
|
2024-11-21 11:55 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269822
|
8.8 |
HIGH
Network
|
ibm
|
interact
|
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website t…
|
CWE-352
Origin Validation Error
|
CVE-2016-5889
|
2024-11-21 11:55 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269823
|
5.4 |
MEDIUM
Network
|
ibm
|
interact
|
IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5888
|
2024-11-21 11:55 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269824
|
4.9 |
MEDIUM
Network
|
advantech
|
webaccess
|
upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-5810
|
2024-11-21 11:55 |
2017-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269825
|
8.6 |
HIGH
Network
|
cisco
|
firepower_management_center
|
A vulnerability in the detection engine parsing of Pragmatic General Multicast (PGM) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a de…
|
CWE-399
Resource Management Errors
|
CVE-2016-6368
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269826
|
6.1 |
MEDIUM
Network
|
redhat
|
resteasy
|
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-6347
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269827
|
5.5 |
MEDIUM
Local
|
ovirt
|
ovirt
|
oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list of keys to hide in log files, which allows local users to obtain sensitive password information by reading engine log files.
|
CWE-200
Information Exposure
|
CVE-2016-6341
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269828
|
6.8 |
MEDIUM
Physics
|
redhat
|
enterprise_virtualization
|
ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization Manager (aka RHEV-M) for Servers and RHEV-M 4.0, allows physically proximate attackers to bypass a webadmin session timeout restric…
|
CWE-284
Improper Access Control
|
CVE-2016-6338
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269829
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
|
CWE-284
Improper Access Control
|
CVE-2016-6337
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269830
|
6.5 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restriction…
|
CWE-284
Improper Access Control
|
CVE-2016-6336
|
2024-11-21 11:55 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
