|
267301
|
6.1 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms\/groupware
|
tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7394
|
2024-11-21 11:57 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267302
|
7.8 |
HIGH
Local
|
ui
|
unifi_video
|
Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.
|
CWE-276
Incorrect Default Permissions
|
CVE-2016-6914
|
2024-11-21 11:57 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267303
|
8.1 |
HIGH
Network
|
netapp
|
vasa_provider
|
Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication cr…
|
CWE-255
Credentials Management
|
CVE-2016-6904
|
2024-11-21 11:57 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267304
|
7.5 |
HIGH
Network
|
freeipa
|
freeipa
|
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in whi…
|
CWE-255
Credentials Management
|
CVE-2016-7030
|
2024-11-21 11:57 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267305
|
7.8 |
HIGH
Local
|
redhat
|
storage_console
storage_console_node
|
rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.
|
CWE-255
Credentials Management
|
CVE-2016-7062
|
2024-11-21 11:57 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267306
|
9.8 |
CRITICAL
Network
|
redhat
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
|
SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remot…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-7050
|
2024-11-21 11:57 |
2017-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267307
|
5.3 |
MEDIUM
Network
|
citrix
|
xenmobile_server
|
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "o…
|
CWE-20
Improper Input Validation
|
CVE-2016-6877
|
2024-11-21 11:57 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267308
|
7.5 |
HIGH
Network
|
openssl
|
openssl
|
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue i…
|
CWE-284
Improper Access Control
|
CVE-2016-7054
|
2024-11-21 11:57 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267309
|
7.5 |
HIGH
Network
|
openssl
|
openssl
|
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7053
|
2024-11-21 11:57 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267310
|
5.9 |
MEDIUM
Network
|
openssl
nodejs
|
openssl
node.js
|
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bi…
|
NVD-CWE-noinfo
|
CVE-2016-7055
|
2024-11-21 11:57 |
2017-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
