» 2016 » 3월

CVE-2016-3115 (openssh)

Posted on 2016년 3월 22일2016년 3월 23일 by admin

CVE-2016-3115 (openssh)

Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.

Source: CVE-2016-3115 (openssh)

CVE-2016-1998 (service_manager)

Posted on 2016년 3월 22일2016년 3월 23일 by admin

CVE-2016-1998 (service_manager)

HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Source: CVE-2016-1998 (service_manager)

CVE-2016-1997 (operations_orchestration, operations_orchestration_content)

Posted on 2016년 3월 22일2016년 3월 23일 by admin

CVE-2016-1997 (operations_orchestration, operations_orchestration_content)

HPE Operations Orchestration 10.x before 10.51 and Operations Orchestration content before 1.7.0 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Source: CVE-2016-1997 (operations_orchestration, operations_orchestration_content)

CVE-2015-7454 (business_process_manager, websphere_process_server)

Posted on 2016년 3월 21일2016년 3월 22일 by admin

CVE-2015-7454 (business_process_manager, websphere_process_server)

Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors.

Source: CVE-2015-7454 (business_process_manager, websphere_process_server)

CVE-2016-2245 (support_assistant)

Posted on 2016년 3월 20일2016년 3월 23일 by admin

CVE-2016-2245 (support_assistant)

HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

Source: CVE-2016-2245 (support_assistant)

CVE-2016-2245

Posted on 2016년 3월 20일2016년 3월 20일 by admin

CVE-2016-2245

HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.

Source: CVE-2016-2245

CVE-2016-0283 (websphere_application_server)

Posted on 2016년 3월 20일2016년 3월 22일 by admin

CVE-2016-0283 (websphere_application_server)

Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Source: CVE-2016-0283 (websphere_application_server)

CVE-2016-0283

Posted on 2016년 3월 20일2016년 3월 20일 by admin

CVE-2016-0283

Source: CVE-2016-0283

CVE-2016-2287 (442sr_os)

Posted on 2016년 3월 19일2016년 3월 22일 by admin

CVE-2016-2287 (442sr_os)

Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2016-2287 (442sr_os)

CVE-2016-2287

Posted on 2016년 3월 19일2016년 3월 20일 by admin

CVE-2016-2287

Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Source: CVE-2016-2287