CVE-2015-8832

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension.

Source: CVE-2015-8832

CVE-2015-6023

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.

Source: CVE-2015-6023

CVE-2015-8831

Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment.

Source: CVE-2015-8831

CVE-2015-6024

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.

Source: CVE-2015-6024

CVE-2015-7493 (infosphere_information_server)

IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.

Source: CVE-2015-7493 (infosphere_information_server)

CVE-2016-0305 (connections)

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Source: CVE-2016-0305 (connections)

CVE-2016-0307 (connections)

IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.

Source: CVE-2016-0307 (connections)

CVE-2016-0308 (connections)

IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.

Source: CVE-2016-0308 (connections)

CVE-2016-0310 (connections)

IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker’s domain.

Source: CVE-2016-0310 (connections)

CVE-2016-9686

The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2.

Source: CVE-2016-9686