CVE-2016-0292 (bigfix_webreports)
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report.
[월:] 2016년 08월
CVE-2016-5721 (zimbra_collaboration_server)
CVE-2016-5721 (zimbra_collaboration_server)
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5399 (phpvibe)
CVE-2015-5399 (phpvibe)
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
Source: CVE-2015-5399 (phpvibe)
CVE-2015-5399
CVE-2015-5399
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
Source: CVE-2015-5399
CVE-2016-5683 (readydesk)
CVE-2016-5683 (readydesk)
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.
Source: CVE-2016-5683 (readydesk)
CVE-2016-5683
CVE-2016-5683
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.
Source: CVE-2016-5683
CVE-2016-5664 (kiteworks_appliance)
CVE-2016-5664 (kiteworks_appliance)
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
CVE-2016-5664
CVE-2016-5664
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
Source: CVE-2016-5664
CVE-2016-5663 (kiteworks_appliance)
CVE-2016-5663 (kiteworks_appliance)
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
CVE-2016-5663
CVE-2016-5663
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
Source: CVE-2016-5663