CVE-2016-3677
The Huawei Wear App application before 15.0.0.307 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
Source: CVE-2016-3677
[월:] 2016년 06월
CVE-2016-3670 (liferay_portal)
CVE-2016-3670 (liferay_portal)
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
Source: CVE-2016-3670 (liferay_portal)
CVE-2016-3670
CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
Source: CVE-2016-3670
CVE-2016-2174 (ranger)
CVE-2016-2174 (ranger)
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
Source: CVE-2016-2174 (ranger)
CVE-2016-2174
CVE-2016-2174
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
Source: CVE-2016-2174
CVE-2016-1543 (bladelogic_server_automation_console)
CVE-2016-1543 (bladelogic_server_automation_console)
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
Source: CVE-2016-1543 (bladelogic_server_automation_console)
CVE-2016-1543
CVE-2016-1543
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
Source: CVE-2016-1543
CVE-2016-1542 (bladelogic_server_automation_console)
CVE-2016-1542 (bladelogic_server_automation_console)
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
Source: CVE-2016-1542 (bladelogic_server_automation_console)
CVE-2016-1542
CVE-2016-1542
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
Source: CVE-2016-1542
CVE-2016-2834 (firefox, network_security_services)
CVE-2016-2834 (firefox, network_security_services)
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.