CVE-2016-4170
https://notcve.org/view.php?id=CVE-2016-4170
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Adobe Experience Manager 5.6.1, 6.0, 6.1 y 6.2 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/92378 http://www.securitytracker.com/id/1036563 https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-0957
https://notcve.org/view.php?id=CVE-2016-0957
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Dispatcher en versiones anteriores a 4.1.5 en Adobe Experience Manager 5.6.1, 6.0.0 y 6.1.0 no implementa correctamente un filtro URL, lo que permite a atacantes remotos eludir las normas del dispatcher a través de vectores no especificados. • https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html •
CVE-2016-0958
https://notcve.org/view.php?id=CVE-2016-0958
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. Adobe Experience Manager 5.6.1, 6.0.0 y 6.1.0 podría permitir a atacantes remotos tener un impacto no especificado a través de un objeto Java serializado manipulado. • https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-0956 – Apache Sling Framework (Adobe AEM) 2.3.6 - Information Disclosure
https://notcve.org/view.php?id=CVE-2016-0956
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. El componente Servlets Post 2.3.6 en Apache Sling, como se utiliza en Adobe Experience Manager 5.6.1, 6.0.0 y 6.1.0, permite a atacantes remotos obtener información sensible a través de vectores no especificados. Apache Sling Framework version 2.3.6 suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/39435 http://packetstormsecurity.com/files/135720/Apache-Sling-Framework-2.3.6-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Feb/48 http://www.securityfocus.com/archive/1/537498/100/0/threaded https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •