|
265131
|
5.4 |
MEDIUM
Network
|
openstack
redhat
debian
|
horizon
openstack
debian_linux
|
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecti…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4428
|
2024-11-21 11:52 |
2016-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265132
|
7.8 |
HIGH
Local
|
wecon
|
levistudiou
|
Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4533
|
2024-11-21 11:52 |
2016-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265133
|
9.8 |
CRITICAL
Network
|
moxa
|
device_server_web_console_5232-n_firmware
|
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserI…
|
CWE-287
Improper Authentication
|
CVE-2016-4503
|
2024-11-21 11:52 |
2016-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265134
|
7.5 |
HIGH
Network
|
apache
debian
|
xerces-c\+\+
debian_linux
|
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4463
|
2024-11-21 11:52 |
2016-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265135
|
6.1 |
MEDIUM
Network
|
bosch
|
bladecontrol-webvis
|
Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4508
|
2024-11-21 11:52 |
2016-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265136
|
6.4 |
MEDIUM
Network
|
bosch
|
bladecontrol-webvis
|
SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2016-4507
|
2024-11-21 11:52 |
2016-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265137
|
5.3 |
MEDIUM
Network
|
apache
|
struts
|
The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field.
|
CWE-20
Improper Input Validation
|
CVE-2016-4465
|
2024-11-21 11:52 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265138
|
9.8 |
CRITICAL
Network
|
apache
|
struts
|
The REST plugin in Apache Struts 2 2.3.19 through 2.3.28.1 allows remote attackers to execute arbitrary code via a crafted expression.
|
CWE-20
Improper Input Validation
|
CVE-2016-4438
|
2024-11-21 11:52 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265139
|
7.5 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks via a crafted request.
|
CWE-20
Improper Input Validation
|
CVE-2016-4433
|
2024-11-21 11:52 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265140
|
7.5 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to bypass intended access restrictions and conduct redirection attacks by leveraging a default method.
|
CWE-20
Improper Input Validation
|
CVE-2016-4431
|
2024-11-21 11:52 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
