|
266681
|
8.6 |
HIGH
Network
|
wordpress
|
wordpress
|
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet o…
|
NVD-CWE-Other
|
CVE-2016-2222
|
2024-11-21 11:48 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266682
|
7.4 |
HIGH
Network
|
wordpress
|
wordpress
|
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct ph…
|
NVD-CWE-Other
|
CVE-2016-2221
|
2024-11-21 11:48 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266683
|
9.1 |
CRITICAL
Network
|
symantec
|
anti-virus_engine
|
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system …
|
CWE-399
Resource Management Errors
|
CVE-2016-2208
|
2024-11-21 11:48 |
2016-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266684
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2554
|
2024-11-21 11:48 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266685
|
9.8 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-2298
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266686
|
9.4 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
|
NVD-CWE-noinfo
|
CVE-2016-2297
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266687
|
9.4 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify dat…
|
CWE-254
7PK - Security Features
|
CVE-2016-2296
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266688
|
6.5 |
MEDIUM
Network
|
openafs
debian
|
openafs
debian_linux
|
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups …
|
CWE-284
Improper Access Control
|
CVE-2016-2860
|
2024-11-21 11:48 |
2016-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266689
|
7.5 |
HIGH
Network
|
fedoraproject
botan_project
|
fedora
botan
|
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2016-2850
|
2024-11-21 11:48 |
2016-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266690
|
7.5 |
HIGH
Network
|
debian
fedoraproject
botan_project
|
debian_linux
fedora
botan
|
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret ke…
|
CWE-200
Information Exposure
|
CVE-2016-2849
|
2024-11-21 11:48 |
2016-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
