|
258081
|
8.6 |
HIGH
Network
|
s9y
|
serendipity
|
In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2016-9752
|
2024-11-21 12:01 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258082
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2016-9751
|
2024-11-21 12:01 |
2016-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258083
|
7.5 |
HIGH
Network
|
boa
|
boa
|
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
|
CWE-20
Improper Input Validation
|
CVE-2016-9564
|
2024-11-21 12:01 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258084
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontr…
|
CWE-89
SQL Injection
|
CVE-2016-9481
|
2024-11-21 12:01 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258085
|
9.1 |
CRITICAL
Network
|
libdwarf_project
|
libdwarf
|
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-9480
|
2024-11-21 12:01 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258086
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9644
|
2024-11-21 12:01 |
2016-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258087
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9555
|
2024-11-21 12:01 |
2016-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258088
|
6.5 |
MEDIUM
Network
|
drupal
|
drupal
|
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
|
CWE-20
Improper Input Validation
|
CVE-2016-9452
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258089
|
6.8 |
MEDIUM
Network
|
drupal
|
drupal
|
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
|
CWE-601
Open Redirect
|
CVE-2016-9451
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258090
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2016-9450
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
