Skip to main content
CVE-2016-9564 HIGH POC This Week

Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Boa
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-2873 HIGH PATCH This Week

SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-2917 HIGH This Week

The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 before 10.5.1 allows remote authenticated users to obtain sensitive password information, and consequently gain privileges, via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Tririga Application Platform
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-2963 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XSS CSRF Bigfix Remote Control
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2887 HIGH PATCH This Week

IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft .NET allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Ims Enterprise Suite
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-2884 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS CSRF Forms Experience Builder
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-2878 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS CSRF Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2016-2871 HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-2948 HIGH This Week

IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Authentication Bypass Bigfix Remote Control
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2876 HIGH PATCH This Week

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

IBM Command Injection Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2016-2936 HIGH This Week

IBM BigFix Remote Control before 9.1.3 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information via unknown vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Authentication Bypass Bigfix Remote Control
NVD
CVSS 3.0
7.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy