|
265691
|
8.8 |
HIGH
Local
|
selinux_project
fedoraproject
redhat
|
selinux
fedora
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
enterprise_linux_server_tus
|
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
|
CWE-284
Improper Access Control
|
CVE-2016-7545
|
2024-11-21 11:58 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265692
|
8.4 |
HIGH
Local
|
gnu
fedoraproject
|
bash
fedora
|
Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.
|
CWE-20
Improper Input Validation
|
CVE-2016-7543
|
2024-11-21 11:58 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265693
|
6.1 |
MEDIUM
Network
|
emc
|
documentum_webtop
documentum_administrator
documentum_taskspace
documentum_capital_projects
|
EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8213
|
2024-11-21 11:58 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265694
|
7.4 |
HIGH
Network
|
spip
|
spip
|
ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2016-7999
|
2024-11-21 11:58 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265695
|
8.8 |
HIGH
Network
|
spip
|
spip
|
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag a…
|
CWE-20
Improper Input Validation
|
CVE-2016-7998
|
2024-11-21 11:58 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265696
|
7.5 |
HIGH
Network
|
graphicsmagick
|
graphicsmagick
|
The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-7997
|
2024-11-21 11:58 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265697
|
9.8 |
CRITICAL
Network
|
graphicsmagick
|
graphicsmagick
|
Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-7996
|
2024-11-21 11:58 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265698
|
7.5 |
HIGH
Network
|
spip
|
spip
|
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti…
|
CWE-22
Path Traversal
|
CVE-2016-7982
|
2024-11-21 11:58 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265699
|
6.1 |
MEDIUM
Network
|
spip
|
spip
|
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7981
|
2024-11-21 11:58 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265700
|
8.8 |
HIGH
Network
|
spip
|
spip
|
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execu…
|
CWE-352
Origin Validation Error
|
CVE-2016-7980
|
2024-11-21 11:58 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
