CVE-2016-2933 (bigfix_remote_control)
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
[월:] 2016년 11월
CVE-2016-2933
CVE-2016-2933
Directory traversal vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated administrators to read arbitrary files via a crafted request.
Source: CVE-2016-2933
CVE-2016-2932 (bigfix_remote_control)
CVE-2016-2932 (bigfix_remote_control)
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
CVE-2016-2932
CVE-2016-2932
IBM BigFix Remote Control before 9.1.3 allows remote attackers to conduct XML injection attacks via unspecified vectors.
Source: CVE-2016-2932
CVE-2016-2931 (bigfix_remote_control)
CVE-2016-2931 (bigfix_remote_control)
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVE-2016-2931
CVE-2016-2931
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
Source: CVE-2016-2931
CVE-2016-9481 (exponent_cms)
CVE-2016-9481 (exponent_cms)
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter ‘$this->params[‘content_id’]’ used directly in SQL. Impact is a SQL injection.
Source: CVE-2016-9481 (exponent_cms)
CVE-2016-9481
CVE-2016-9481
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter ‘$this->params[‘content_id’]’ used directly in SQL. Impact is a SQL injection.
Source: CVE-2016-9481
CVE-2016-9480 (libdwarf)
CVE-2016-9480 (libdwarf)
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
Source: CVE-2016-9480 (libdwarf)
CVE-2016-9480
CVE-2016-9480
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
Source: CVE-2016-9480