|
265161
|
5.9 |
MEDIUM
Network
|
wireshark
|
wireshark
|
wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buff…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4415
|
2024-11-21 11:52 |
2016-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265162
|
5.5 |
MEDIUM
Local
|
gmer
|
gmer
|
A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overfl…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-4289
|
2024-11-21 11:51 |
2019-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265163
|
9.8 |
CRITICAL
Network
|
web2py
|
web2py
|
The secure_load function in gluon/utils.py in web2py before 2.14.2 uses pickle.loads to deserialize session information stored in cookies, which might allow remote attackers to execute arbitrary code…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-3957
|
2024-11-21 11:51 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265164
|
5.5 |
MEDIUM
Local
|
web2py
|
web2py
|
web2py before 2.14.2 allows remote attackers to obtain the session_cookie_key value via a direct request to examples/simple_examples/status. NOTE: this issue can be leveraged by remote attackers to …
|
CWE-200
Information Exposure
|
CVE-2016-3954
|
2024-11-21 11:51 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265165
|
9.8 |
CRITICAL
Network
|
web2py
|
web2py
|
The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect func…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-3953
|
2024-11-21 11:51 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265166
|
7.8 |
HIGH
Local
|
web2py
|
web2py
|
web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue c…
|
CWE-255
Credentials Management
|
CVE-2016-3952
|
2024-11-21 11:51 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265167
|
9.8 |
CRITICAL
Network
|
jython_project
debian
|
jython
debian_linux
|
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-4000
|
2024-11-21 11:51 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265168
|
8.1 |
HIGH
Network
|
netapp
|
altavault
|
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3998
|
2024-11-21 11:51 |
2017-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265169
|
7.5 |
HIGH
Network
|
netapp
|
clustered_data_ontap
|
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement i…
|
CWE-254
7PK - Security Features
|
CVE-2016-3997
|
2024-11-21 11:51 |
2017-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265170
|
7.8 |
HIGH
Local
|
extplorer
|
extplorer
|
Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file.
|
CWE-22
Path Traversal
|
CVE-2016-4313
|
2024-11-21 11:51 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
