2016 VULNERABILITY DATABASE
CVE-2016-5703
Summary: SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.
Published: 7/2/2016 9:59:14 PM
CVSS Severity: v3 - 9.8 CRITICAL v2 - 7.5 HIGH
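The entry above illustrates a recurring pattern: a name that lives in the database catalog (here a database name) is attacker-chosen data, and it gets spliced into later queries as if it were trusted. The block below is an added example written for this page, not phpMyAdmin's code, and it does not reproduce the specific vulnerable query. It shows both places such a name can land: a value position, where a bind parameter is the fix, and an identifier position, which cannot be bound and needs MySQL-style backtick quoting instead. The table name, the rows and the crafted name are constructed for the demo; SQLite is used only because it accepts the same backtick syntax and runs offline.

```python
import sqlite3
from typing import Tuple

# Added illustration, not phpMyAdmin's code. Table name and rows are constructed.


def unsafe_lookup(db_name: str) -> str:
    # Vulnerable pattern: the database name is concatenated straight into a
    # value position, so quote characters in the name rewrite the WHERE clause.
    return ("SELECT db_name, col_name FROM central_columns "
            "WHERE db_name = '" + db_name + "'")


def safe_lookup(db_name: str) -> Tuple[str, Tuple[str]]:
    # Fixed pattern for value positions: a bind parameter; the driver quotes it.
    return ("SELECT db_name, col_name FROM central_columns WHERE db_name = ?",
            (db_name,))


def quote_identifier(name: str) -> str:
    # Identifier positions (database, table, column names) cannot be bound as
    # parameters. MySQL's rule: wrap in backticks and double any embedded
    # backtick. NUL bytes are rejected because they cannot be quoted safely.
    if "\x00" in name:
        raise ValueError("identifier contains a NUL byte")
    return "`" + name.replace("`", "``") + "`"


def _demo_db(crafted_name: str) -> sqlite3.Connection:
    # Constructed catalog: two ordinary databases plus one with a crafted name.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE central_columns (db_name TEXT, col_name TEXT)")
    conn.executemany("INSERT INTO central_columns VALUES (?, ?)",
                     [("shop", "customer_email"),
                      ("hr", "salary"),
                      (crafted_name, "dummy")])
    return conn


def rows_returned(crafted_name: str) -> Tuple[int, int]:
    """Row counts from the unsafe and the safe lookup for one database name."""
    conn = _demo_db(crafted_name)
    unsafe = len(conn.execute(unsafe_lookup(crafted_name)).fetchall())
    sql, params = safe_lookup(crafted_name)
    safe = len(conn.execute(sql, params).fetchall())
    return unsafe, safe


def identifier_roundtrip(table_name: str) -> int:
    """Create, fill and count a table whose name contains a backtick."""
    conn = sqlite3.connect(":memory:")
    ident = quote_identifier(table_name)
    conn.execute(f"CREATE TABLE {ident} (v INTEGER)")
    conn.execute(f"INSERT INTO {ident} VALUES (1), (2)")
    return conn.execute(f"SELECT COUNT(*) FROM {ident}").fetchone()[0]


if __name__ == "__main__":
    crafted = "shop' OR '1'='1"
    print(rows_returned(crafted))            # (3, 1): the unsafe query returns every row
    print(identifier_roundtrip("odd`name"))  # 2
```

The point of the second half is the one practitioners most often miss: a database or table name can only be made safe by quoting it as an identifier, and the quoting rule is the database engine's, not a generic string escape. Whether a given engine treats a doubled quote character inside an identifier the way MySQL does should be confirmed against that engine before reusing the helper.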
CVE-2016-5702
Summary: phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.
Published: 7/2/2016 9:59:13 PM
CVSS Severity: v3 - 3.7 LOW v2 - 4.3 MEDIUM
CVE-2016-5701
Summary: setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.
Published: 7/2/2016 9:59:11 PM
CVSS Severity: v3 - 6.1 MEDIUM v2 - 4.3 MEDIUM
CVE-2016-5228
Summary: Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.
Published: 7/2/2016 9:59:09 PM
CVE-2016-2082
Summary: Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Published: 7/2/2016 9:59:08 PM
CVE-2016-2081
Summary: Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 7/2/2016 9:59:06 PM
CVE-2016-2079
Summary: VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors.
Published: 7/2/2016 9:59:05 PM
CVE-2016-1606
Summary: Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.
Published: 7/2/2016 9:59:04 PM
CVE-2016-1441
Summary: Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.
Published: 7/2/2016 9:59:03 PM
CVSS Severity: v3 - 8.2 HIGH v2 - 6.4 MEDIUM
CVE-2016-1394
Summary: Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.
Published: 7/2/2016 9:59:02 PM
CVSS Severity: v3 - 8.6 HIGH v2 - 7.5 HIGH
CVE-2015-7029
Summary: Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Published: 7/2/2016 9:59:01 PM
CVE-2015-6931
Summary: Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Published: 7/2/2016 9:59:00 PM
CVE-2016-4560
Summary: Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.
Published: 7/2/2016 10:59:20 AM
CVE-2016-3956
Summary: The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
Published: 7/2/2016 10:59:19 AM
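The npm entry above describes a credential-scoping failure: a bearer token meant for the registry is attached to every request the client makes, so any host that package metadata or a redirect points the client at can read it from the Authorization header. The block below is an added example written for this page, not npm's code, and it does not claim to reproduce how npm behaved or was fixed. It contrasts the unscoped behaviour with a check that attaches the token only to HTTPS requests whose scheme, host and port match the configured registry. The registry URL, token and request sequence are constructed for the demo.

```python
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Added illustration, not npm's code. All URLs and the token are constructed;
# the token is not a real credential.
REGISTRY = "https://registry.example.test/"
TOKEN = "constructed-token-not-a-real-credential"


def _origin(url: str) -> Tuple[str, str, int]:
    # Normalise to (scheme, host, port) so that an explicit default port and
    # differing letter case compare equal, while a different port does not.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.scheme, parts.hostname.lower(), port


def headers_unscoped(url: str, token: str) -> Dict[str, str]:
    # Vulnerable behaviour class: the bearer token rides on every request,
    # including tarball URLs that package metadata can point anywhere.
    return {"Authorization": f"Bearer {token}"}


def headers_scoped(url: str, registry: str, token: str) -> Dict[str, str]:
    # Fixed pattern: send the token only to the configured registry's origin,
    # and never over plaintext HTTP, even to the right host.
    if _origin(url) == _origin(registry) and urlsplit(url).scheme == "https":
        return {"Authorization": f"Bearer {token}"}
    return {}


def hosts_receiving_token(urls: List[str], registry: str, token: str,
                          scoped: bool) -> List[str]:
    """Hosts that would observe the token across a sequence of requests."""
    seen = []
    for url in urls:
        hdrs = (headers_scoped(url, registry, token) if scoped
                else headers_unscoped(url, token))
        if "Authorization" in hdrs:
            seen.append(_origin(url)[1])
    return seen


# Constructed install sequence: the metadata document is fetched from the
# registry, its tarball field points at a third-party host, and a further
# request goes to the registry host but over plaintext HTTP on another port.
INSTALL_REQUESTS = [
    "https://registry.example.test/example-pkg",
    "https://cdn.third-party.test/example-pkg-1.0.0.tgz",
    "http://registry.example.test:8080/example-pkg-1.0.0.tgz",
]

if __name__ == "__main__":
    print(hosts_receiving_token(INSTALL_REQUESTS, REGISTRY, TOKEN, scoped=False))
    print(hosts_receiving_token(INSTALL_REQUESTS, REGISTRY, TOKEN, scoped=True))
```

The origin comparison deliberately includes the port and the scheme, so an HTTP downgrade or an alternate port on the registry host is treated as a different destination. A deployment whose registry legitimately serves tarballs from a second host needs that host added as an explicit second origin, not a relaxation of the check to host-only matching.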
CVE-2016-2968
Summary: IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.
Published: 7/2/2016 10:59:18 AM
CVSS Severity: v3 - 6.5 MEDIUM v2 - 5.5 MEDIUM
CVE-2016-2961
Summary: The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
Published: 7/2/2016 10:59:17 AM
CVE-2016-2883
Summary: Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Published: 7/2/2016 10:59:16 AM
CVSS Severity: v3 - 5.4 MEDIUM v2 - 3.5 LOW
CVE-2016-2882
Summary: IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.
Published: 7/2/2016 10:59:15 AM
CVSS Severity: v3 - 4.3 MEDIUM v2 - 4.0 MEDIUM
CVE-2016-2872
Summary: Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
Published: 7/2/2016 10:59:14 AM
CVSS Severity: v3 - 5.3 MEDIUM v2 - 5.0 MEDIUM
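The QRadar entry above is a directory traversal reached through a crafted URL. The block below is an added example written for this page, not QRadar's code, and it does not reproduce the specific vulnerable path. It shows the confinement check a file-serving handler needs: decode the URL path exactly once, canonicalise the joined path so that `..` segments and symlinks are resolved, and then test containment component-wise rather than as a string prefix. The web root and request paths are constructed for the demo.

```python
import os
from typing import Dict, Optional
from urllib.parse import unquote

# Added illustration, not QRadar's code. Root and request paths are constructed.


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Map a URL path to a file under root, or return None if it escapes."""
    # Decode exactly once, and check the same decoded string that is later used.
    # Decoding again after the check would let %252e%252e turn into '..' late.
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None  # NUL truncates paths in some runtimes; never pass it on
    root_real = os.path.realpath(root)
    # A leading separator would make os.path.join discard root, so strip it;
    # the URL path is always interpreted relative to the web root.
    relative = decoded.lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # realpath has collapsed '..' and followed symlinks. commonpath compares
    # whole components, so '/srv/static2' is not treated as inside '/srv/static'.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


def classify(root: str, requests: Dict[str, str]) -> Dict[str, bool]:
    """For each labelled request path, True if it resolves inside root."""
    return {label: resolve_under_root(root, path) is not None
            for label, path in requests.items()}


# Constructed probes: legitimate files beside the usual traversal variants.
PROBES = {
    "plain":            "css/site.css",
    "encoded space":    "docs/release%20notes.txt",
    "dotdot":           "../../etc/passwd",
    "encoded slash":    "css/..%2F..%2F..%2Fetc/passwd",
    "encoded dots":     "css/%2e%2e/%2e%2e/etc/passwd",
    "sibling prefix":   "..%2Fstatic2/secret",
    "nul byte":         "a%00.txt",
}

if __name__ == "__main__":
    for label, ok in classify("/srv/static", PROBES).items():
        print(f"{label:16} {'served' if ok else 'rejected'}")
```

Two caveats a practitioner should keep in mind. Because realpath follows symlinks, a link inside the root that points outside it is rejected too; if that is intended behaviour for a deployment, the check must be applied to the link's own path before resolution instead. And the check is for filesystem confinement only; an application that maps URLs to files should still restrict which file types and directories are servable at all.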
CVE-2016-2870
Summary: Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.
Published: 7/2/2016 10:59:13 AM
CVSS Severity: v3 - 2.7 LOW v2 - 5.0 MEDIUM