2016 VULNERABILITY DATABASE

 

 

CVE-2016-5703

Summary: SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.

Published: 7/2/2016 9:59:14 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

 

CVE-2016-5702

Summary: phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.

Published: 7/2/2016 9:59:13 PM

 

CVSS Severity: v3 - 3.7 LOW      v2 - 4.3 MEDIUM

 

CVE-2016-5701

Summary: setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to conduct BBCode injection attacks against HTTP sessions via a crafted URI.

Published: 7/2/2016 9:59:11 PM

 

CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-5228

Summary: Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.

Published: 7/2/2016 9:59:09 PM

 

CVE-2016-2082

Summary: Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Published: 7/2/2016 9:59:08 PM

 

CVE-2016-2081

Summary: Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: 7/2/2016 9:59:06 PM

 

CVE-2016-2079

Summary: VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge 5.5 before 5.5.4.3, when the SSL-VPN feature is configured, allow remote attackers to obtain sensitive information via unspecified vectors.

Published: 7/2/2016 9:59:05 PM

 

CVE-2016-1606

Summary: Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.

Published: 7/2/2016 9:59:04 PM

 

CVE-2016-1441

Summary: Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145.

Published: 7/2/2016 9:59:03 PM

 

CVSS Severity: v3 - 8.2 HIGH      v2 - 6.4 MEDIUM

 

CVE-2016-1394

Summary: Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238.

Published: 7/2/2016 9:59:02 PM

 

CVSS Severity: v3 - 8.6 HIGH      v2 - 7.5 HIGH

 

CVE-2015-7029

Summary: Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: 7/2/2016 9:59:01 PM

 

CVE-2015-6931

Summary: Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Published: 7/2/2016 9:59:00 PM

 

CVE-2016-4560

Summary: Untrusted search path vulnerability in Flexera InstallAnywhere allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.

Published: 7/2/2016 10:59:20 AM

 

CVE-2016-3956

Summary: The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.

Published: 7/2/2016 10:59:19 AM

 

CVE-2016-2968

Summary: IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.

Published: 7/2/2016 10:59:18 AM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 5.5 MEDIUM

 

CVE-2016-2961

Summary: The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.

Published: 7/2/2016 10:59:17 AM

 

CVE-2016-2883

Summary: Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Published: 7/2/2016 10:59:16 AM

 

CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

 

CVE-2016-2882

Summary: IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to obtain sensitive information by reading HTTP responses.

Published: 7/2/2016 10:59:15 AM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2016-2872

Summary: Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.

Published: 7/2/2016 10:59:14 AM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

 

CVE-2016-2870

Summary: Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances 2.1 and 2.5 allows remote authenticated users to cause a denial of service via unspecified vectors.

Published: 7/2/2016 10:59:13 AM

 

CVSS Severity: v3 - 2.7 LOW      v2 - 5.0 MEDIUM

 

 

<<< New  Older >>>