|
265781
|
7.5 |
HIGH
Network
|
prosody
fedoraproject
debian
|
prosody
fedora
debian_linux
|
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoo…
|
NVD-CWE-Other
|
CVE-2016-1232
|
2024-11-21 11:46 |
2016-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265782
|
5.9 |
MEDIUM
Network
|
fedoraproject
prosody
debian
|
fedora
prosody
debian_linux
|
Directory traversal vulnerability in the HTTP file-serving module (mod_http_files) in Prosody 0.9.x before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) in an unspecified p…
|
CWE-22
Path Traversal
|
CVE-2016-1231
|
2024-11-21 11:46 |
2016-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265783
|
6.1 |
MEDIUM
Network
|
field_group_project
|
field_group
|
Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1565
|
2024-11-21 11:46 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265784
|
4.3 |
MEDIUM
Network
|
owncloud
|
owncloud
|
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exce…
|
CWE-200
Information Exposure
|
CVE-2016-1501
|
2024-11-21 11:46 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265785
|
3.1 |
LOW
Network
|
owncloud
|
owncloud
|
ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, …
|
CWE-200
Information Exposure
|
CVE-2016-1500
|
2024-11-21 11:46 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265786
|
8.5 |
HIGH
Network
|
owncloud
|
owncloud
|
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of serv…
|
CWE-200
CWE-399
Information Exposure
Resource Management Errors
|
CVE-2016-1499
|
2024-11-21 11:46 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265787
|
6.1 |
MEDIUM
Network
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attack…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1498
|
2024-11-21 11:46 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265788
|
9.8 |
CRITICAL
Network
|
pcre
php
fedoraproject
oracle
|
pcre
php
fedora
solaris
|
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-1283
|
2024-11-21 11:46 |
2016-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265789
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename lead…
|
-
|
CVE-2016-15038
|
2024-11-21 11:45 |
2024-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265790
|
9.8 |
CRITICAL
Network
|
liftkit_database_library_project
|
liftkit_database_library
|
A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql…
|
-
|
CVE-2016-15020
|
2024-11-21 11:45 |
2023-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
