|
257281
|
5.9 |
MEDIUM
Network
|
trendmicro
|
mobile_security
|
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
|
CWE-295
Improper Certificate Validation
|
CVE-2016-9319
|
2024-11-21 12:00 |
2017-03-31 |
|
257282
|
5.5 |
MEDIUM
Local
|
jasper_project fedoraproject
|
jasper fedora
|
The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-8884
|
2024-11-21 12:00 |
2017-03-28 |
|
257283
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9130
|
2024-11-21 12:00 |
2017-03-28 |
|
257284
|
5.3 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Rev…
|
CWE-200
Information Exposure
|
CVE-2016-9129
|
2024-11-21 12:00 |
2017-03-28 |
|
257285
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to stea…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9128
|
2024-11-21 12:00 |
2017-03-28 |
|
257286
|
8.8 |
HIGH
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send…
|
CWE-352
Origin Validation Error
|
CVE-2016-9127
|
2024-11-21 12:00 |
2017-03-28 |
|
257287
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9126
|
2024-11-21 12:00 |
2017-03-28 |
|
257288
|
9.8 |
CRITICAL
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful au…
|
CWE-384
Session Fixation
|
CVE-2016-9125
|
2024-11-21 12:00 |
2017-03-28 |
|
257289
|
9.8 |
CRITICAL
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown …
|
CWE-287
Improper Authentication
|
CVE-2016-9124
|
2024-11-21 12:00 |
2017-03-28 |
|
257290
|
7.5 |
HIGH
Network
|
go-jose_project
|
go-jose
|
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectur…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-9123
|
2024-11-21 12:00 |
2017-03-28 |