| 266781 | 9.8 | CRITICAL Network | atutor | atutor | SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | CWE-89 SQL Injection | CVE-2016-2555 | 2024-11-21 11:48 | 2017-04-13 |
| 266782 | 6.1 | MEDIUM Network | mozilla | bugzilla | Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | CWE-79 Cross-site Scripting | CVE-2016-2803 | 2024-11-21 11:48 | 2017-04-13 |
| 266783 | 7.5 | HIGH Network | huawei | s5700_firmware s6700_firmware s7700_firmware s9700_firmware s12700_firmware acu2_firmware | Huawei switches S5700, S6700, S7700, S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300, V200R005C00SPC500, V200R006C00; S12700 with software V200R005C00SPC500, V200R006C00; … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-2404 | 2024-11-21 11:48 | 2017-04-3 |
| 266784 | 8.8 | HIGH Adjacent | pidgin | mxit | The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain log… | CWE-326 Inadequate Encryption Strength | CVE-2016-2379 | 2024-11-21 11:48 | 2017-03-30 |
| 266785 | 7.5 | HIGH Network | uclibc-ng_project | uclibc-ng | The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via a crafted packet. | CWE-400 Uncontrolled Resource Consumption | CVE-2016-2225 | 2024-11-21 11:48 | 2017-03-25 |
| 266786 | 7.5 | HIGH Network | uclibc-ng_project | uclibc-ng | The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before 1.0.12 allows remote DNS servers to cause a denial of service (infinite loop) via vectors involving compressed items in a reply. | CWE-400 Uncontrolled Resource Consumption | CVE-2016-2224 | 2024-11-21 11:48 | 2017-03-25 |
| 266787 | 4.3 | MEDIUM Network | huawei | document_security_management | The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by l… | CWE-275 Permission Issues | CVE-2016-2406 | 2024-11-21 11:48 | 2017-03-21 |
| 266788 | 7.8 | HIGH Local | ibm | qradar_security_information_and_event_manager | IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. | CWE-320 Key Management Errors | CVE-2016-2880 | 2024-11-21 11:48 | 2017-03-2 |
| 266789 | 7.8 | HIGH Local | ibm | qradar_security_information_and_event_manager | IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341. | CWE-326 Inadequate Encryption Strength | CVE-2016-2879 | 2024-11-21 11:48 | 2017-03-2 |
| 266790 | 7.8 | HIGH Local | gnu | libiberty | Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow. | CWE-119 CWE-190 Incorrect Access of Indexable Resource ('Range Error') Integer Overflow or Wraparound | CVE-2016-2226 | 2024-11-21 11:48 | 2017-02-25 |