| 264951 | 8.6 | HIGH Network | php | php | Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have … | CWE-190 Integer Overflow or Wraparound | CVE-2016-5095 | 2024-11-21 11:53 | 2016-08-7 |
| 264952 | 8.6 | HIGH Network | php | php | Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecifie… | CWE-190 Integer Overflow or Wraparound | CVE-2016-5094 | 2024-11-21 11:53 | 2016-08-7 |
| 264953 | 8.6 | HIGH Network | php | php | The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before 7.0.7 does not ensure the presence of a '\0' character, which allows … | CWE-125 Out-of-bounds Read | CVE-2016-5093 | 2024-11-21 11:53 | 2016-08-7 |
| 264954 | 9.8 | CRITICAL Network | redhat | jboss_bpm_suite jboss_enterprise_brms_platform dashbuilder | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to … | CWE-89 SQL Injection | CVE-2016-4999 | 2024-11-21 11:53 | 2016-08-6 |
| 264955 | 5.5 | MEDIUM Local | apache | poi | The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity r… | CWE-611 XXE | CVE-2016-5000 | 2024-11-21 11:53 | 2016-08-5 |
| 264956 | 4.3 | MEDIUM Network | mozilla | firefox | Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to con… | CWE-254 7PK - Security Features | CVE-2016-5268 | 2024-11-21 11:53 | 2016-08-5 |
| 264957 | 5.3 | MEDIUM Network | mozilla | firefox | Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. | CWE-20 Improper Input Validation | CVE-2016-5267 | 2024-11-21 11:53 | 2016-08-5 |
| 264958 | 8.1 | HIGH Network | mozilla | firefox | Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web sit… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-5266 | 2024-11-21 11:53 | 2016-08-5 |
| 264959 | 5.5 | MEDIUM Local | oracle mozilla | linux firefox | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, b… | CWE-79 CWE-200 Cross-site Scripting Information Exposure | CVE-2016-5265 | 2024-11-21 11:53 | 2016-08-5 |
| 264960 | 8.8 | HIGH Network | mozilla oracle | firefox linux | Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary c… | CWE-416 Use After Free | CVE-2016-5264 | 2024-11-21 11:53 | 2016-08-5 |