|
266121
|
8.1 |
HIGH
Network
|
forgerock
|
racf_connector
|
Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote …
|
CWE-20
Improper Input Validation
|
CVE-2016-6500
|
2024-11-21 11:56 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266122
|
6.7 |
MEDIUM
Local
|
emc
|
recoverpoint_for_virtual_machines
recoverpoint
|
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with …
|
CWE-77
Command Injection
|
CVE-2016-6649
|
2024-11-21 11:56 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266123
|
4.4 |
MEDIUM
Local
|
emc
|
recoverpoint_for_virtual_machines
recoverpoint
|
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissi…
|
CWE-275
Permission Issues
|
CVE-2016-6648
|
2024-11-21 11:56 |
2017-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266124
|
8.6 |
HIGH
Network
|
phpmyadmin
|
phpmyadmin
|
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2016-6621
|
2024-11-21 11:56 |
2017-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266125
|
9.8 |
CRITICAL
Network
|
samsung
|
exynos_fimg2d
|
NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-6604
|
2024-11-21 11:56 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266126
|
7.5 |
HIGH
Network
|
atlassian
|
confluence_server
jira_integration_for_hipchat
|
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA …
|
CWE-200
Information Exposure
|
CVE-2016-6668
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266127
|
9.8 |
CRITICAL
Network
|
zohocorp
|
webnms_framework
|
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.
|
CWE-20
Improper Input Validation
|
CVE-2016-6603
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266128
|
9.8 |
CRITICAL
Network
|
zohocorp
|
webnms_framework
|
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2016-6602
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266129
|
7.5 |
HIGH
Network
|
zohocorp
|
webnms_framework
|
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame…
|
CWE-22
Path Traversal
|
CVE-2016-6601
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266130
|
9.8 |
CRITICAL
Network
|
zohocorp
|
webnms_framework
|
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the…
|
CWE-22
Path Traversal
|
CVE-2016-6600
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
