Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9414 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories. | |||||
| CVE-2015-8977 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. | |||||
| CVE-2016-9402 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8974 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 10.0 CRITICAL |
| SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-9418 | 2 Microsoft, Mybb | 3 Windows, Merge System, Mybb | 2017-02-05 | 5.0 MEDIUM | 7.5 HIGH |
| MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name. | |||||
| CVE-2016-7569 | 1 Docker2aci Project | 1 Docker2aci | 2017-02-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image. | |||||
| CVE-2016-5941 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 3.5 LOW | 5.7 MEDIUM |
| IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2016-5938 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 2.1 LOW | 3.3 LOW |
| IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system. | |||||
| CVE-2016-0297 | 1 Ibm | 1 Bigfix Platform | 2017-02-05 | 4.3 MEDIUM | 3.7 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques. | |||||
| CVE-2016-0296 | 1 Ibm | 1 Bigfix Platform | 2017-02-05 | 2.1 LOW | 3.3 LOW |
| IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user. | |||||
| CVE-2016-3035 | 1 Ibm | 1 Security Appscan Source | 2017-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server. | |||||
| CVE-2016-5942 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6123 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-6125 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-5940 | 1 Ibm | 1 Kenexa Lms | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-8920 | 1 Ibm | 1 Kenexa Lms On Cloud | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2016-0265 | 1 Ibm | 1 Campaign | 2017-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | |||||
| CVE-2016-8696 | 1 Potrace Project | 1 Potrace | 2017-02-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695. | |||||
| CVE-2016-8698 | 1 Potrace Project | 1 Potrace | 2017-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703. | |||||
| CVE-2016-8686 | 1 Potrace Project | 1 Potrace | 2017-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure. | |||||