|
265331
|
5.5 |
MEDIUM
Local
|
netiq
|
access_manager
|
NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML Extern…
|
CWE-611
XXE
|
CVE-2016-5749
|
2024-11-21 11:54 |
2017-03-23 |
|
265332
|
5.5 |
MEDIUM
Local
|
netiq
|
access_manager
|
External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local f…
|
CWE-611
XXE
|
CVE-2016-5748
|
2024-11-21 11:54 |
2017-03-23 |
|
265333
|
7.5 |
HIGH
Network
|
novell
|
edirectory
|
A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging pre…
|
CWE-284
Improper Access Control
|
CVE-2016-5747
|
2024-11-21 11:54 |
2017-03-23 |
|
265334
|
5.5 |
MEDIUM
Local
|
libtiff debian
|
libtiff debian_linux
|
The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-5315
|
2024-11-21 11:54 |
2017-03-8 |
|
265335
|
8.8 |
HIGH
Network
|
netapp
|
data_ontap
|
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL e…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-5374
|
2024-11-21 11:54 |
2017-03-2 |
|
265336
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2016-5364
|
2024-11-21 11:54 |
2017-02-18 |
|
265337
|
7.5 |
HIGH
Network
|
gnu
|
glibc
|
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (me…
|
CWE-399
Resource Management Errors
|
CVE-2016-5417
|
2024-11-21 11:54 |
2017-02-17 |
|
265338
|
8.8 |
HIGH
Network
|
simplemachines
|
simple_machines_forum
|
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input…
|
CWE-94
Code Injection
|
CVE-2016-5727
|
2024-11-21 11:54 |
2017-02-10 |
|
265339
|
9.8 |
CRITICAL
Network
|
simplemachines
|
simple_machines_forum
|
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
|
CWE-94
Code Injection
|
CVE-2016-5726
|
2024-11-21 11:54 |
2017-02-10 |
|
265340
|
9.8 |
CRITICAL
Network
|
netapp
|
virtual_storage_console_for_vmware_vsphere
|
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-5711
|
2024-11-21 11:54 |
2017-02-8 |
|