Multiple hardcoded credentials in Xsuite 2.3.0 and 22.214.171.124.
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
The Hawtio console in A-MQ allows remote attackers to obtain sensitive information and cause other unspecified impact.
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes on cookies.
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836.
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.
Open redirect vulnerability in Xsuite 2.3.0 and 126.96.36.199 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
The MySQL "root" user in Xsuite 2.3.0 and 188.8.131.52 does not have a password set, which allows local users to access databases on the system.
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings.
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread, which could potentially cause a denial of service. IBM X-Force ID: 123914.
Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.
IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores files in a temporary folder during offline installs which could be read by a local user within a short timespan. IBM X-Force ID: 126461.