Page 5 of 26 results (0.009 seconds)

CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. Múltiples vulnerabilidades de inyección SQL en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 que permite a usuarios autenticados ejecutar código arbitrario SQL a través de parámetros sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 https://exchange.xforce.ibmcloud.com/vulnerabilities/82344 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to cause a denial of service (plug-in crash) via a crafted web page. Desbordamiento de búfer basado en pila en la implementación en el complemento Manual Explore del navegador Firefox para IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 e IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 que permite a atacantes remotos causar una denegación de servicios (caída del complemento) a través de una página web manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/82593 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 e IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de reportes manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/81337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0

Cross-site request forgery (CSRF) vulnerability in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that cause a denial of service via malformed HTTP data. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 y IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 permite a atacantes remotos secuestrar la autenticación de usuarios de su elección para peticiones que provocan una denegación de servicio a través de HTTP con formato incorrecto de datos. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/82595 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0

The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platform Authentication credentials via a crafted web site. El complemento de navegador Manual Explore en IBM Security AppScan Enterprise v5.6 y v8.x anterior a v8.7 e IBM Rational Policy Tester v5.6 y v8.x anterior a v8.5.0.4 que permite a atacantes remotos descubrir la prueba de Platform Authentication de credenciales a través de sitios web manipulados. • http://www-01.ibm.com/support/docview.wss?uid=swg21626264 http://www-01.ibm.com/support/docview.wss?uid=swg21631304 https://exchange.xforce.ibmcloud.com/vulnerabilities/81338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •