|
266361
|
6.5 |
MEDIUM
Network
|
cloudera
|
cdh
|
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
|
CWE-863
Incorrect Authorization
|
CVE-2016-6353
|
2024-11-21 11:55 |
2019-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266362
|
6.1 |
MEDIUM
Network
|
watchguard
|
fireware
|
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
|
CWE-79
CWE-601
Cross-site Scripting
Open Redirect
|
CVE-2016-6154
|
2024-11-21 11:55 |
2019-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266363
|
6.1 |
MEDIUM
Network
|
moxa
|
oncell_g3100v2_firmware
oncell_g3111_firmware
oncell_g3151_firmware
oncell_g3211_firmware
oncell_g3251_firmware
|
Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5819
|
2024-11-21 11:55 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266364
|
7.5 |
HIGH
Network
|
fatek
|
automation_fv_designer
automation_pm_designer_v3
|
A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-5800
|
2024-11-21 11:55 |
2019-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266365
|
8.1 |
HIGH
Network
|
libexif_project
debian
canonical
|
libexif
debian_linux
ubuntu_linux
|
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some criti…
|
-
|
CVE-2016-6328
|
2024-11-21 11:55 |
2018-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266366
|
5.4 |
MEDIUM
Network
|
redhat
|
jboss_bpm_suite
|
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /d…
|
-
|
CVE-2016-6343
|
2024-11-21 11:55 |
2018-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266367
|
7.5 |
HIGH
Network
|
epic
|
mychart
|
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.as…
|
CWE-91
Blind XPath Injection
|
CVE-2016-6272
|
2024-11-21 11:55 |
2018-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266368
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentiall…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-6169
|
2024-11-21 11:55 |
2018-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266369
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a …
|
CWE-416
Use After Free
|
CVE-2016-6168
|
2024-11-21 11:55 |
2018-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266370
|
6.1 |
MEDIUM
Network
|
sophos
|
puremessage
|
Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-6217
|
2024-11-21 11:55 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
