SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited...
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of...
Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products,...
VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via unspecified vectors. Date published : 2016-08-30 http://www.securityfocus.com/bid/92607 http://www.vmware.com/security/advisories/VMSA-2016-0013.html
VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. Date published : 2016-08-30 http://www.securityfocus.com/bid/92608 http://www.vmware.com/security/advisories/VMSA-2016-0013.html
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. Date published...
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2016-08-30 http://www.securityfocus.com/bid/92448 http://www.vmware.com/security/advisories/VMSA-2016-0011.html
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. Date published : 2016-08-30 http://www.securityfocus.com/bid/92467 http://www-01.ibm.com/support/docview.wss?uid=swg21985907
WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report. Date published : 2016-08-30 http://www-01.ibm.com/support/docview.wss?uid=swg21985907
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-08-29 http://www.securityfocus.com/bid/92682 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. Date published : 2016-08-26 https://www.exploit-db.com/exploits/37659 https://packetstormsecurity.com/files/132715/phpVibe-Stored-Cross-Site-Scripting.html
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file. Date published : 2016-08-26 http://www.securityfocus.com/bid/92487 http://www.kb.cert.org/vuls/id/294272
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. Date published : 2016-08-26 http://www.securityfocus.com/bid/92662 http://www.kb.cert.org/vuls/id/305607
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. Date...