Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-08-30 | CVE-2016-0397 | Information Exposure vulnerability in IBM Bigfix Webreports: WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | 5.9 |
2016-08-30 | CVE-2016-0292 | Information Exposure vulnerability in IBM Bigfix: WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report. | 5.5 |
2016-08-29 | CVE-2016-5721 | Cross-site Scripting vulnerability in Zimbra Collaboration Server: Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-08-26 | CVE-2015-5399 | Cross-site Scripting vulnerability in PHPvibe 4.20: Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | 5.4 |
2016-08-26 | CVE-2016-5683 | Unspecified vulnerability in Readydesk 9.1: ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file. | 7.8 |
2016-08-26 | CVE-2016-5664 | Path Traversal vulnerability in Accellion Kiteworks Appliance Kw2016.03.00: Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI. | 4.3 |
2016-08-26 | CVE-2016-5663 | Cross-site Scripting vulnerability in Accellion Kiteworks Appliance Kw2016.03.00: Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. | 6.1 |
2016-08-26 | CVE-2016-5662 | Unspecified vulnerability in Accellion Kiteworks Appliance Kw2016.03.00: Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors. | 7.8 |
2016-08-26 | CVE-2016-5050 | Unrestricted Upload of File with Dangerous Type vulnerability in Readydesk 9.1: Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | 9.8 |
2016-08-26 | CVE-2016-5049 | Path Traversal vulnerability in Readydesk 9.1: Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. | 7.5 |