|
264481
|
7.5 |
HIGH
Network
|
zohocorp
|
webnms_framework
|
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame…
|
CWE-22
Path Traversal
|
CVE-2016-6601
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264482
|
9.8 |
CRITICAL
Network
|
zohocorp
|
webnms_framework
|
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the…
|
CWE-22
Path Traversal
|
CVE-2016-6600
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264483
|
9.1 |
CRITICAL
Network
|
doorkeeper_project
|
doorkeeper
|
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificat…
|
CWE-254
7PK - Security Features
|
CVE-2016-6582
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264484
|
8.8 |
HIGH
Network
|
gopivotal
|
grails
|
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of …
|
CWE-352
Origin Validation Error
|
CVE-2016-6521
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264485
|
9.8 |
CRITICAL
Network
|
liferay
|
liferay
|
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
|
CWE-22
Path Traversal
|
CVE-2016-6517
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264486
|
6.1 |
MEDIUM
Network
|
infoblox
|
netmri
|
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentTyp…
|
CWE-93
CRLF Injection
|
CVE-2016-6484
|
2024-11-21 11:56 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264487
|
7.5 |
HIGH
Network
|
apache
|
groovy_ldap
|
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all searc…
|
CWE-254
7PK - Security Features
|
CVE-2016-6497
|
2024-11-21 11:56 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264488
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds writ…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-6823
|
2024-11-21 11:56 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264489
|
7.8 |
HIGH
Local
|
samsung
|
samsung_mobile
|
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6527
|
2024-11-21 11:56 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264490
|
7.8 |
HIGH
Local
|
samsung
|
samsung_mobile
|
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6526
|
2024-11-21 11:56 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
