|
268781
|
7.8 |
HIGH
Local
|
novell
|
filr
|
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's conten…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1611
|
2024-11-21 11:46 |
2016-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268782
|
7.5 |
HIGH
Network
|
novell
|
filr
|
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrict…
|
CWE-22
Path Traversal
|
CVE-2016-1610
|
2024-11-21 11:46 |
2016-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268783
|
5.4 |
MEDIUM
Network
|
novell
|
filr
|
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1609
|
2024-11-21 11:46 |
2016-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268784
|
8.8 |
HIGH
Network
|
novell
|
filr
|
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer pa…
|
CWE-284
Improper Access Control
|
CVE-2016-1608
|
2024-11-21 11:46 |
2016-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268785
|
7.2 |
HIGH
Network
|
novell
|
filr
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administr…
|
CWE-352
Origin Validation Error
|
CVE-2016-1607
|
2024-11-21 11:46 |
2016-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268786
|
6.5 |
MEDIUM
Network
|
netiq
|
sentinel
|
Directory traversal vulnerability in the ReportViewServlet servlet in the server in NetIQ Sentinel 7.4.x before 7.4.2 allows remote attackers to read arbitrary files via a PREVIEW value for the fileT…
|
CWE-22
Path Traversal
|
CVE-2016-1605
|
2024-11-21 11:46 |
2016-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268787
|
7.5 |
HIGH
Network
|
cisco
|
asyncos
|
Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932.
|
CWE-20
Improper Input Validation
|
CVE-2016-1461
|
2024-11-21 11:46 |
2016-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268788
|
6.5 |
MEDIUM
Adjacent
|
cisco
|
videoscape_session_resource_manager
|
Cisco Videoscape Session Resource Manager (VSRM) allows remote attackers to cause a denial of service (device restart) by sending a traffic flood to upstream devices, aka Bug ID CSCva01813.
|
CWE-399
Resource Management Errors
|
CVE-2016-1467
|
2024-11-21 11:46 |
2016-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268789
|
6.5 |
MEDIUM
Adjacent
|
cisco
|
nx-os
|
Cisco Nexus 1000v Application Virtual Switch (AVS) devices before 5.2(1)SV3(1.5i) allow remote attackers to cause a denial of service (ESXi hypervisor crash and purple screen) via a crafted Cisco Dis…
|
CWE-399
Resource Management Errors
|
CVE-2016-1465
|
2024-11-21 11:46 |
2016-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268790
|
7.5 |
HIGH
Network
|
cisco
|
firesight_system_software
|
Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 allows remote attackers to bypass Snort rules via crafted parameters in the header of an HTTP packet, aka Bug ID CSCuz20737.
|
CWE-20
Improper Input Validation
|
CVE-2016-1463
|
2024-11-21 11:46 |
2016-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
