|
268431
|
4.4 |
MEDIUM
Local
|
qemu
canonical
debian
|
qemu
ubuntu_linux
debian_linux
|
The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest admi…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2016-5105
|
2024-11-21 11:53 |
2016-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268432
|
6.0 |
MEDIUM
Local
|
qemu
canonical
debian
|
qemu
ubuntu_linux
debian_linux
|
QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual SCSI bus emulation support, allows local guest OS administrators to cause a denial of service (out-of-bounds array access) via vec…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-4952
|
2024-11-21 11:53 |
2016-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268433
|
7.8 |
HIGH
Local
|
akabei_soft2
|
happy_wardrobe
|
AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.
|
CWE-78
OS Command
|
CVE-2016-4853
|
2024-11-21 11:53 |
2016-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268434
|
6.1 |
MEDIUM
Network
|
let\'s_php\!
|
simple_chat
|
Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4851
|
2024-11-21 11:53 |
2016-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268435
|
6.1 |
MEDIUM
Network
|
clip-bucket
|
clipbucket
|
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4848
|
2024-11-21 11:53 |
2016-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268436
|
6.5 |
MEDIUM
Network
|
netapp
|
oncommand_system_manager
|
NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-5047
|
2024-11-21 11:53 |
2016-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268437
|
9.8 |
CRITICAL
Network
|
readydesk
|
readydesk
|
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-5050
|
2024-11-21 11:53 |
2016-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268438
|
7.5 |
HIGH
Network
|
readydesk
|
readydesk
|
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in …
|
CWE-22
Path Traversal
|
CVE-2016-5049
|
2024-11-21 11:53 |
2016-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268439
|
9.8 |
CRITICAL
Network
|
readydesk
|
readydesk
|
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.
|
CWE-89
SQL Injection
|
CVE-2016-5048
|
2024-11-21 11:53 |
2016-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268440
|
7.5 |
HIGH
Network
|
f5
|
big-ip_edge_gateway
big-ip_protocol_security_module
big-ip_analytics
big-ip_application_security_manager
big-ip_advanced_firewall_manager
big-ip_domain_name_system
big-ip_policy_enf…
|
Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote att…
|
CWE-284
Improper Access Control
|
CVE-2016-5023
|
2024-11-21 11:53 |
2016-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
