CVE-2015-7473 (websphere_mq)
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
Source: CVE-2015-7473 (websphere_mq)
[월:] 2016년 06월
CVE-2015-7473
CVE-2015-7473
runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.
Source: CVE-2015-7473
CVE-2016-5087 (alertus_desktop_notification_for_os_x)
CVE-2016-5087 (alertus_desktop_notification_for_os_x)
Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.
Source: CVE-2016-5087 (alertus_desktop_notification_for_os_x)
CVE-2016-5087
CVE-2016-5087
Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.
Source: CVE-2016-5087
CVE-2016-4513 (powerlogic_pm8ecc_firmware)
CVE-2016-4513 (powerlogic_pm8ecc_firmware)
Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4513
CVE-2016-4513
Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: CVE-2016-4513
CVE-2016-2901 (web_content_manager, websphere_portal)
CVE-2016-2901 (web_content_manager, websphere_portal)
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Source: CVE-2016-2901 (web_content_manager, websphere_portal)
CVE-2016-2901
CVE-2016-2901
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Source: CVE-2016-2901
CVE-2015-7988 (airport_base_station_firmware, iphone_os, mac_os_x, mdnsresponder, watchos)
CVE-2015-7988 (airport_base_station_firmware, iphone_os, mac_os_x, mdnsresponder, watchos)
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Source: CVE-2015-7988 (airport_base_station_firmware, iphone_os, mac_os_x, mdnsresponder, watchos)
CVE-2015-7988
CVE-2015-7988
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Source: CVE-2015-7988