Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-07 | CVE-2016-2352 | Permissions, Privileges, and Access Controls vulnerability in Accellion File Transfer Appliance 80540/911200/911210 The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | 8.8 |
| 2016-05-07 | CVE-2016-2351 | SQL Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210 SQL injection vulnerability in home/seos/courier/security_key2.api on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote attackers to execute arbitrary SQL commands via the client_id parameter. | 9.8 |
| 2016-05-07 | CVE-2016-2350 | Cross-site Scripting vulnerability in Accellion File Transfer Appliance 80540/911200/911210 Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. | 6.1 |
| 2016-05-07 | CVE-2015-6552 | Improper Access Control vulnerability in Veritas Netbackup and Netbackup Appliance The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors. | 9.8 |
| 2016-05-07 | CVE-2015-6551 | Information Exposure vulnerability in Veritas Netbackup and Netbackup Appliance Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets. | 5.9 |
| 2016-05-07 | CVE-2015-6550 | Improper Access Control vulnerability in Veritas Netbackup and Netbackup Appliance bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input. | 9.8 |
| 2016-05-07 | CVE-2016-2014 | Improper Access Control vulnerability in HP Network Node Manager I HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | 8.1 |
| 2016-05-07 | CVE-2016-2013 | Information Exposure vulnerability in HP Network Node Manager I HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 6.5 |
| 2016-05-07 | CVE-2016-2012 | Improper Authentication vulnerability in HP Network Node Manager I HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | 6.5 |
| 2016-05-07 | CVE-2016-2011 | Cross-site Scripting vulnerability in HP Network Node Manager I Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010. | 5.4 |