Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only ‘/’ and ‘.’ characters. Date published : 2016-11-30 http://www.securityfocus.com/bid/94599 http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This...
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF3 allows remote attackers to obtain sensitive information via a crafted HTTP request that triggers construction of a runtime...
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Date published...
IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenticated users to change arbitrary passwords via unspecified vectors. Date published : 2016-11-30 http://www-01.ibm.com/support/docview.wss?uid=swg1IT16043 http://www.securityfocus.com/bid/94391
Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2016-11-30...
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert...
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the...
Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that modify the...
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows physically proximate attackers to obtain sensitive information by reading cached data on a client device. Date published : 2016-11-30 http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039 http://www.securityfocus.com/bid/94331
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Date published : 2016-11-30 http://www-01.ibm.com/support/docview.wss?uid=swg1IV89797 http://www.securityfocus.com/bid/94596
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading an "archaic" e-mail address in a response. Date published : 2016-11-30 http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039...
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 allows remote authenticated users to obtain sensitive information by reading a stack trace in a response. Date published : 2016-11-30 http://www-01.ibm.com/support/docview.wss?uid=swg1LO90039 http://www.securityfocus.com/bid/94300
IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 does not require SSL, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Date published : 2016-11-30 http://www-01.ibm.com/support/docview.wss?uid=swg1LO90268...