| 264911 | 9.8 | CRITICAL Network | eclipse | jetty | The path normalization mechanism in PathResource class in Eclipse Jetty 9.3.x before 9.3.9 on Windows allows remote attackers to bypass protected resource restrictions and other security constraints … | CWE-284 Improper Access Control | CVE-2016-4800 | 2024-11-21 11:53 | 2017-04-13 |
| 264912 | 6.1 | MEDIUM Network | webmin | usermin | Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. | CWE-79 Cross-site Scripting | CVE-2016-4897 | 2024-11-21 11:53 | 2017-04-13 |
| 264913 | 6.5 | MEDIUM Network | setucocms_project | setucocms | SetsucoCMS all versions does not properly manage sessions, which allows remote attackers to disclose or alter unauthorized information via unspecified vectors. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-4896 | 2024-11-21 11:53 | 2017-04-13 |
| 264914 | 8.8 | HIGH Network | setucocms_project | setucocms | SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. | CWE-94 Code Injection | CVE-2016-4895 | 2024-11-21 11:53 | 2017-04-13 |
| 264915 | 5.3 | MEDIUM Network | setucocms_project | setucocms | SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors. | NVD-CWE-noinfo | CVE-2016-4894 | 2024-11-21 11:53 | 2017-04-13 |
| 264916 | 8.8 | HIGH Network | setucocms_project | setucocms | SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2016-4893 | 2024-11-21 11:53 | 2017-04-13 |
| 264917 | 6.1 | MEDIUM Network | setucocms_project | setucocms | Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2016-4892 | 2024-11-21 11:53 | 2017-04-13 |
| 264918 | 8.8 | HIGH Network | setucocms_project | setucocms | Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | CWE-352 Origin Validation Error | CVE-2016-4891 | 2024-11-21 11:53 | 2017-04-13 |
| 264919 | 7.0 | HIGH Local | setroubleshoot_project redhat | setroubleshoot enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node | setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by… | CWE-77 Command Injection | CVE-2016-4989 | 2024-11-21 11:53 | 2017-04-12 |
| 264920 | 4.6 | MEDIUM Physical | kernel redhat ibm | util-linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linux_server_aus enterprise_linux_eus powerkvm … | The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS p… | NVD-CWE-noinfo | CVE-2016-5011 | 2024-11-21 11:53 | 2017-04-12 |