| 264751 | 6.1 | MEDIUM Network | plone | plone | Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web… | CWE-79 Cross-site Scripting | CVE-2016-7140 | 2024-11-21 11:57 | 2017-03-8 |
| 264752 | 6.1 | MEDIUM Network | plone | plone | Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web sc… | CWE-79 Cross-site Scripting | CVE-2016-7139 | 2024-11-21 11:57 | 2017-03-8 |
| 264753 | 6.1 | MEDIUM Network | plone | plone | Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web… | CWE-79 Cross-site Scripting | CVE-2016-7138 | 2024-11-21 11:57 | 2017-03-8 |
| 264754 | 6.1 | MEDIUM Network | plone | plone | Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing… | CWE-601 Open Redirect | CVE-2016-7137 | 2024-11-21 11:57 | 2017-03-8 |
| 264755 | 6.1 | MEDIUM Network | plone | plone | z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. | CWE-79 Cross-site Scripting | CVE-2016-7136 | 2024-11-21 11:57 | 2017-03-8 |
| 264756 | 4.9 | MEDIUM Network | plone | plone | Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile ac… | CWE-22 Path Traversal | CVE-2016-7135 | 2024-11-21 11:57 | 2017-03-8 |
| 264757 | 9.8 | CRITICAL Network | nefarious2_project | nefarious2 | The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE paramet… | CWE-287 Improper Authentication | CVE-2016-7145 | 2024-11-21 11:57 | 2017-03-8 |
| 264758 | 5.5 | MEDIUM Local | dropbear_ssh_project | dropbear_ssh | The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. | CWE-200 Information Exposure | CVE-2016-7409 | 2024-11-21 11:57 | 2017-03-4 |
| 264759 | 8.8 | HIGH Network | dropbear_ssh_project | dropbear_ssh | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | CWE-284 Improper Access Control | CVE-2016-7408 | 2024-11-21 11:57 | 2017-03-4 |
| 264760 | 9.8 | CRITICAL Network | dropbear_ssh_project | dropbear_ssh | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | CWE-20 Improper Input Validation | CVE-2016-7407 | 2024-11-21 11:57 | 2017-03-4 |