Max CVSS | 10.0 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-10033 | 7.5 |
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
|
14-02-2024 - 14:56 | 30-12-2016 - 19:59 | |
CVE-2004-0420 | 10.0 |
The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demo
|
23-07-2021 - 15:02 | 07-07-2004 - 04:00 | |
CVE-2016-3043 | 4.3 |
IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information u
|
27-10-2020 - 11:37 | 01-02-2017 - 20:59 | |
CVE-2016-3046 | 4.0 |
IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database.
|
27-10-2020 - 11:37 | 01-02-2017 - 20:59 | |
CVE-2016-10006 | 4.3 |
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
|
14-11-2019 - 13:22 | 24-12-2016 - 18:59 | |
CVE-2017-10940 | 9.0 |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must
|
09-10-2019 - 23:21 | 31-10-2017 - 19:29 | |
CVE-2016-9731 | 3.5 |
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust
|
02-05-2018 - 15:25 | 01-02-2017 - 20:59 | |
CVE-2016-6033 | 6.8 |
IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #:
|
08-11-2017 - 13:29 | 15-02-2017 - 19:59 | |
CVE-2016-5984 | 4.3 |
IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls.
|
13-02-2017 - 21:26 | 01-02-2017 - 20:59 | |
CVE-2016-3045 | 4.3 |
IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history.
|
09-02-2017 - 21:26 | 01-02-2017 - 20:59 | |
CVE-2016-2987 | 4.0 |
An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.
|
07-02-2017 - 16:32 | 01-02-2017 - 20:59 | |
CVE-2016-0265 | 3.5 |
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security
|
05-02-2017 - 20:29 | 01-02-2017 - 20:59 |