|
264901
|
4.3 |
MEDIUM
Network
|
cybozu
|
office
|
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
|
CWE-200
Information Exposure
|
CVE-2016-4867
|
2024-11-21 11:53 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264902
|
4.8 |
MEDIUM
Network
|
cybozu
|
office
|
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4866
|
2024-11-21 11:53 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264903
|
4.8 |
MEDIUM
Network
|
cybozu
|
office
|
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4865
|
2024-11-21 11:53 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264904
|
5.3 |
MEDIUM
Network
|
zohocorp
|
servicedesk_plus
|
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a co…
|
CWE-254
7PK - Security Features
|
CVE-2016-4890
|
2024-11-21 11:53 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264905
|
8.8 |
HIGH
Network
|
zohocorp
|
servicedesk_plus
|
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4889
|
2024-11-21 11:53 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264906
|
5.4 |
MEDIUM
Network
|
zohocorp
|
servicedesk_plus
|
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4888
|
2024-11-21 11:53 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264907
|
6.1 |
MEDIUM
Network
|
databox_project
userbox_project
assist_project
|
databox_plugin
userbox_plugin
assist_plugin
|
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 fo…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4875
|
2024-11-21 11:53 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264908
|
9.8 |
CRITICAL
Network
|
novastor
|
novabackup_datacenter
|
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
|
CWE-20
Improper Input Validation
|
CVE-2016-4899
|
2024-11-21 11:53 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264909
|
9.8 |
CRITICAL
Network
|
novastor
|
novabackup_datacenter
|
The datamover module in the Linux version of NovaBACKUP DataCenter before 09.06.03.0353 is vulnerable to remote command execution via unspecified attack vectors.
|
CWE-20
Improper Input Validation
|
CVE-2016-4898
|
2024-11-21 11:53 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264910
|
7.5 |
HIGH
Network
|
netty
redhat
apache
|
netty
jboss_data_grid
jboss_middleware_text-only_advisories
cassandra
|
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2016-4970
|
2024-11-21 11:53 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
