CVSS: 6.2EPSS: 0%CPEs: 18EXPL: 0CVE-2016-0321
https://notcve.org/view.php?id=CVE-2016-0321
IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script. IBM Personal Communications (también conocido como PCOMM) 6.x en versiones anteriores a 6.0.17 y 12.x en versiones anteriores a 12.0.0.1 no restringe correctamente la extracción de credenciales, lo cual permite a usuarios locales descubrir contraseñas aprovechando el acceso a la cuenta de la víctima y ejecutando una secuencia de comandos PowerShell. • http://www-01.ibm.com/support/docview.wss?uid=swg1IT12006 http://www-01.ibm.com/support/docview.wss?uid=swg21981692 http://www.securityfocus.com/bid/91751 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 91%CPEs: 3EXPL: 4CVE-2012-0201 – IBM Personal Communications iSeries Access WorkStation 5.9 Profile
https://notcve.org/view.php?id=CVE-2012-0201
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file. Desbordamiento de buffer de pila en pcspref.dll de pcsws.exe de IBM Personal Communications 5.9.x anteriores a 5.9.8 y 6.0.x anteriores a 6.0.4 permiten a atacantes remotos ejecutar código arbitrario a través de una cadena de perfil extensa ("long profile string") en un archivo WorkStation (.ws). • https://www.exploit-db.com/exploits/18539 http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb http://www-01.ibm.com/support/docview.wss?uid=swg1IC81539 http://www-01.ibm.com/support/docview.wss?uid=swg21586166 http://www.exploit-db.com/exploits/18539 http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt https:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •