|
266001
|
7.8 |
HIGH
Local
|
synology
|
photo_station
|
Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10323
|
2024-11-21 11:43 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266002
|
8.8 |
HIGH
Network
|
synology
|
photo_station
|
Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php.
|
CWE-77
Command Injection
|
CVE-2016-10322
|
2024-11-21 11:43 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266003
|
9.8 |
CRITICAL
Network
|
sap
|
netweaver
|
Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10311
|
2024-11-21 11:43 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266004
|
4.9 |
MEDIUM
Network
|
sap
|
sql_anywhere
|
Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and p…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10310
|
2024-11-21 11:43 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266005
|
9.8 |
CRITICAL
Network
|
web2py
|
web2py
|
web2py before 2.14.6 does not properly check if a host is denied before verifying passwords, allowing a remote attacker to perform brute-force attacks.
|
CWE-254
7PK - Security Features
|
CVE-2016-10321
|
2024-11-21 11:43 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266006
|
6.5 |
MEDIUM
Network
|
sap
|
netweaver_application_server_java
|
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java ob…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-10304
|
2024-11-21 11:43 |
2017-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266007
|
6.1 |
MEDIUM
Network
|
clip-bucket
|
clipbucket
|
Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occu…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1000307
|
2024-11-21 11:43 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266008
|
7.8 |
HIGH
Local
|
textract_project
|
textract
|
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.
|
CWE-78
OS Command
|
CVE-2016-10320
|
2024-11-21 11:43 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266009
|
5.9 |
MEDIUM
Network
|
arm_trusted_firmware_project
|
arm_trusted_firmware
|
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involvin…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-10319
|
2024-11-21 11:43 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266010
|
6.5 |
MEDIUM
Network
|
linux
|
linux_kernel
|
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10318
|
2024-11-21 11:43 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
