CVE-2016-8922
https://notcve.org/view.php?id=CVE-2016-8922
Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Exphox WebRadar es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. • http://www.ibm.com/support/docview.wss?uid=swg21993561 http://www.securityfocus.com/bid/94413 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2901
https://notcve.org/view.php?id=CVE-2016-2901
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en la aplicación PA_Theme_Creator en IBM WebSphere Portal 8.5 CF08 hasta la versión CF10 y Web Content Manager permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para peticiones que inserten secuencias XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg1PI62594 http://www-01.ibm.com/support/docview.wss?uid=swg21983974 http://www.securitytracker.com/id/1036143 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no transporta una elección DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradación del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, también conocido como el problema 'Logjam'. A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. • http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 http://kb.juniper.net/InfoC • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2014-4763
https://notcve.org/view.php?id=CVE-2014-4763
Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en Content Navigator en Content Engine en IBM FileNet Content Manager 5.2.x anterior a 5.2.0.3-P8CPE-IF003 y Content Foundation 5.2.x anterior a 5.2.0.3-P8CPE-IF003 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/61127 http://www-01.ibm.com/support/docview.wss?uid=swg21679930 http://www-01.ibm.com/support/docview.wss?uid=swg21685574 http://www.securityfocus.com/bid/69798 https://exchange.xforce.ibmcloud.com/vulnerabilities/94660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-6746
https://notcve.org/view.php?id=CVE-2013-6746
Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content Manager 4.5.1 through 5.2.0, and Case Foundation 5.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en FileNet P8 Platform Documentation Installable Info Center 4.5.1 hasta la versión 5.2.0 en IBM FileNet Business Process Manager 4.5.1 hasta 5.1.0, FileNet Content Manager 4.5.1 hasta la versión 5.2.0, y Case Foundation 5.2.0 permite a atacantes remotos inyectar script Web arbitrario o HTML a través de vectores no especificados. • http://secunia.com/advisories/56500 http://www.ibm.com/support/docview.wss?uid=swg21662360 http://www.securityfocus.com/bid/65045 https://exchange.xforce.ibmcloud.com/vulnerabilities/89862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •