|
257141
|
7.5 |
HIGH
Network
|
boa
|
boa
|
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
|
CWE-20
Improper Input Validation
|
CVE-2016-9564
|
2024-11-21 12:01 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257142
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontr…
|
CWE-89
SQL Injection
|
CVE-2016-9481
|
2024-11-21 12:01 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257143
|
9.1 |
CRITICAL
Network
|
libdwarf_project
|
libdwarf
|
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-9480
|
2024-11-21 12:01 |
2016-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257144
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9644
|
2024-11-21 12:01 |
2016-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257145
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-9555
|
2024-11-21 12:01 |
2016-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257146
|
6.5 |
MEDIUM
Network
|
drupal
|
drupal
|
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
|
CWE-20
Improper Input Validation
|
CVE-2016-9452
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257147
|
6.8 |
MEDIUM
Network
|
drupal
|
drupal
|
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
|
CWE-601
Open Redirect
|
CVE-2016-9451
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257148
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2016-9450
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257149
|
4.3 |
MEDIUM
Network
|
drupal
|
drupal
|
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of acc…
|
CWE-200
Information Exposure
|
CVE-2016-9449
|
2024-11-21 12:01 |
2016-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257150
|
5.5 |
MEDIUM
Local
|
samsung
|
samsung_mobile
|
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exp…
|
CWE-200
Information Exposure
|
CVE-2016-9567
|
2024-11-21 12:01 |
2016-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
