IBM Security Identity Manager 7.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM...
IBM Security Identity Manager 7.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on...
IBM Security Directory Server 6.4.0 stores sensitive information in URLs. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history. IBM X-Force...
IBM Security Directory Server 6.4.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 165953. Date published : 2020-02-04 https://www.ibm.com/support/pages/node/1288660 https://exchange.xforce.ibmcloud.com/vulnerabilities/165953
IBM Security Directory Server 6.4.0 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 165952. Date published : 2020-02-04 https://www.ibm.com/support/pages/node/1288660 https://exchange.xforce.ibmcloud.com/vulnerabilities/165952
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this...
IBM Security Directory Server 6.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 165814. Date published...
IBM Security Directory Server 6.4.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 165813. Date published : 2020-02-04 https://www.ibm.com/support/pages/node/1288660 https://exchange.xforce.ibmcloud.com/vulnerabilities/165813
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included...
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. Date published :...
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. Date published : 2020-02-04 https://hackerone.com/reports/508493 https://nextcloud.com/security/advisory/?id=NC-SA-2019-015
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it’s domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. Date...
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. Date published : 2020-02-04 https://hackerone.com/reports/518669 https://nextcloud.com/security/advisory/?id=NC-SA-2019-011