|
266471
|
9.8 |
CRITICAL
Network
|
dentsply_sirona
|
cdr_dicom
|
Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-6530
|
2024-11-21 11:56 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266472
|
7.5 |
HIGH
Network
|
apache
|
shiro
|
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.
|
CWE-284
Improper Access Control
|
CVE-2016-6802
|
2024-11-21 11:56 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266473
|
9.8 |
CRITICAL
Network
|
oracle
percona
mariadb
debian
redhat
|
mysql
percona_server
mariadb
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux
openstack
enterprise_linux_server
enterprise_linux_server_t…
|
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x befo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6662
|
2024-11-21 11:56 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266474
|
7.5 |
HIGH
Network
|
aver
|
eh6108h\+_firmware
|
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store passwords in a cleartext base64 format and require cleartext credentials in HTTP Cookie headers, which allows context-dependent a…
|
CWE-200
Information Exposure
|
CVE-2016-6537
|
2024-11-21 11:56 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266475
|
9.8 |
CRITICAL
Network
|
aver
|
eh6108h\+_firmware
|
The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6536
|
2024-11-21 11:56 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266476
|
9.8 |
CRITICAL
Network
|
aver
|
eh6108h\+_firmware
|
AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have hardcoded accounts, which allows remote attackers to obtain root access by leveraging knowledge of the credentials and establishin…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-6535
|
2024-11-21 11:56 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266477
|
6.5 |
MEDIUM
Network
|
cisco
|
fog_director
|
Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368.
|
CWE-20
Improper Input Validation
|
CVE-2016-6405
|
2024-11-21 11:56 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266478
|
6.1 |
MEDIUM
Network
|
cisco
|
ios
|
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6404
|
2024-11-21 11:56 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266479
|
5.9 |
MEDIUM
Network
|
cisco
|
ios
|
The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, when the IOx feature set is enabled, allows remote attackers to cause a denial of service via a crafted packet, aka Bug IDs CSCu…
|
CWE-399
Resource Management Errors
|
CVE-2016-6403
|
2024-11-21 11:56 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266480
|
7.8 |
HIGH
Local
|
cisco
|
unified_computing_system
|
UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6402
|
2024-11-21 11:56 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
