4 results (0.007 seconds)

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." Múltiples vulnerabilidades no especificadas en IBM Hardware Management Console (HMC) 7 R3.2.0 permite a atacantes obtener privilegios mediante "algunos comandos HMC". • http://secunia.com/advisories/27961 http://www-1.ibm.com/support/docview.wss?uid=isg1MB02226 http://www.securitytracker.com/id?1019062 http://www.vupen.com/english/advisories/2007/4144 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038 https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#MH01065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1

Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. • http://securitytracker.com/id?1006117 https://exchange.xforce.ibmcloud.com/vulnerabilities/11358 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7572 http://www.securityfocus.com/bid/7573 http://www.securityfocus.com/bid/7576 http://www.securityfocus.com/bid/7577 http://www.securityfocus.com/bid/7584 https://exchange.xforce.ibmcloud.com/vulnerabilities/12487 https://exchange.xforce.ibmcloud.com/vulnerabilities/12502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 3

Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. • https://www.exploit-db.com/exploits/22268 http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html http://secunia.com/advisories/8125 http://www.osvdb.org/3931 http://www.securityfocus.com/bid/6892 https://exchange.xforce.ibmcloud.com/vulnerabilities/11376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •