4 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials El plugin Unity Web Player anterior a versión 4.6.6f2 y versiones 5.x anteriores a 5.0.3f2, permite a los atacantes leer mensajes o acceder a servicios en línea por medio de credenciales de una víctima • https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0

Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Spotfire Web Player Engine, Spotfire Desktop y el módulo de autenticación de servidor de Spotfire en TIBCO Spotfire Server 3.3.x anterior a 3.3.4, 4.5.x anterior a 4.5.1, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.2; Spotfire Professional 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Web Player 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Automation Services 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Deployment Kit 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Desktop 6.x anterior a 6.0.1 y Spotfire Analyst 6.x anterior a 6.0.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt •

CVSS: 7.5EPSS: 17%CPEs: 1EXPL: 3

Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename. • https://www.exploit-db.com/exploits/1239 http://aluigi.altervista.org/adv/virtbugs-adv.txt http://marc.info/?l=bugtraq&m=112811771331997&w=2 http://secunia.com/advisories/17034 http://securitytracker.com/id?1014993 http://www.securityfocus.com/bid/14990 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 2

Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename. • http://aluigi.altervista.org/adv/virtbugs-adv.txt http://marc.info/?l=bugtraq&m=112811771331997&w=2 http://secunia.com/advisories/17034 http://securityreason.com/securityalert/40 http://securitytracker.com/id?1014993 http://www.securityfocus.com/bid/14991 https://exchange.xforce.ibmcloud.com/vulnerabilities/22471 •