IBM TRIRIGA Application Platform 3.3 before 220.127.116.11, 3.4 before 18.104.22.168, and 3.5 before 22.214.171.124 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and trigger network traffic to arbitrary intranet or Internet hosts, via a crafted proxy request to a web service.
IBM UrbanCode Deploy 6.0.x before 126.96.36.199, 6.1.x before 188.8.131.52, and 6.2.x before 184.108.40.206 does not properly implement a logging-obfuscation feature for secure properties, which allows remote authenticated users to obtain sensitive information via vectors involving special characters.
IBM UrbanCode Deploy 6.0.x before 220.127.116.11, 6.1.x before 18.104.22.168, and 6.2.x before 22.214.171.124, when agent-relay Codestation artifact caching is enabled, allows remote attackers to bypass authentication and obtain sensitive artifact information via unspecified vectors.
The builder tools in IBM TRIRIGA Application Platform 3.3 before 126.96.36.199, 3.4 before 188.8.131.52, and 3.5 before 184.108.40.206 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
IBM MessageSight 1.1.x through 220.127.116.11, 1.2.x through 18.104.22.168, and 2.0.x through 22.214.171.124 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors.
Shmuel H discovered that GIMP, the GNU Image Manipulation Program, is
prone to a use-after-free vulnerability in the channel and layer
properties parsing process when loading a XCF file. An attacker can take
advantage of this flaw to potentially execute arbitrary code with the
privileges of the user running GIMP if a specially crafted XCF file is
This archive contains all of the 234 exploits added to Packet Storm in June, 2016.
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device.