|
266121
|
8.8 |
HIGH
Network
|
cybozu
|
office
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2016-1151
|
2024-11-21 11:45 |
2016-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266122
|
6.1 |
MEDIUM
Network
|
cybozu
|
office
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1150
|
2024-11-21 11:45 |
2016-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266123
|
6.1 |
MEDIUM
Network
|
cybozu
|
office
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1149
|
2024-11-21 11:45 |
2016-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266124
|
7.5 |
HIGH
Network
|
nec
|
expresscluster_x
|
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via u…
|
CWE-22
Path Traversal
|
CVE-2016-1145
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266125
|
5.4 |
MEDIUM
Network
|
websquare
|
job-cube
|
Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1144
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266126
|
6.1 |
MEDIUM
Network
|
vine_mv_project
|
vine_mv
|
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-1143
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266127
|
4.7 |
MEDIUM
Network
|
kddi
|
home_spot_cube_firmware
|
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2016-1141
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266128
|
6.1 |
MEDIUM
Network
|
kddi
|
home_spot_cube_firmware
|
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
|
CWE-254
7PK - Security Features
|
CVE-2016-1140
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266129
|
7.5 |
HIGH
Network
|
kddi
|
home_spot_cube_firmware
|
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-1139
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266130
|
4.7 |
MEDIUM
Network
|
kddi
|
home_spot_cube_firmware
|
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2016-1138
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
