CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.

CVE-2016-8933 | February 01, 2017
IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8932 | February 01, 2017
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8931 | February 01, 2017
IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8930 | February 01, 2017
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8929 | February 01, 2017
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8928 | February 01, 2017
IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8922 | February 01, 2017
Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8921 | February 01, 2017
IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8920 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: IBM

CVE-2016-8919 | February 01, 2017
IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8918 | February 01, 2017
IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8913 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8912 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in log files that could be read by an authenticated user.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8911 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-8491 | February 01, 2017
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6126 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6125 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: IBM

CVE-2016-6124 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6123 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: IBM

CVE-2016-6122 | February 01, 2017
IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6117 | February 01, 2017
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6115 | February 01, 2017
IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6113 | February 01, 2017
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: IBM

CVE-2016-6110 | February 01, 2017
IBM Tivoli Storage Manager discloses unencrypted login credentials to VMware vCenter that could be obtained by a local user.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2016-6105 | February 01, 2017
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas.
Severity: | Impact score: 0.00 | Exploit score: 0.00
