|
257231
|
6.1 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms\/groupware
|
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9889
|
2024-11-21 12:01 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257232
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a cr…
|
CWE-399
Resource Management Errors
|
CVE-2016-9561
|
2024-11-21 12:01 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257233
|
7.8 |
HIGH
Local
|
uclouvain
redhat
|
openjpeg
enterprise_linux
enterprise_linux_for_scientific_computing
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_power_big_endian
|
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
|
CWE-787
Out-of-bounds Write
|
CVE-2016-9675
|
2024-11-21 12:01 |
2016-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257234
|
5.4 |
MEDIUM
Network
|
rapid7
|
nexpose
|
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag nam…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9757
|
2024-11-21 12:01 |
2016-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257235
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a us…
|
CWE-284
Improper Access Control
|
CVE-2016-9838
|
2024-11-21 12:01 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257236
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in templates/beez3/html/com_content/article/default.php in Joomla! before 3.6.5. Inadequate permissions checks in the Beez3 layout override of the com_content article view all…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9837
|
2024-11-21 12:01 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257237
|
7.8 |
HIGH
Local
|
nagios
|
nagios
|
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged …
|
CWE-264
CWE-59
Permissions, Privileges, and Access Controls
Link Following
|
CVE-2016-9566
|
2024-11-21 12:01 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257238
|
9.8 |
CRITICAL
Network
|
nagios
|
nagios
|
MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed serv…
|
CWE-284
Improper Access Control
|
CVE-2016-9565
|
2024-11-21 12:01 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257239
|
6.5 |
MEDIUM
Network
|
tats
|
w3m
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
|
CWE-399
Resource Management Errors
|
CVE-2016-9633
|
2024-11-21 12:01 |
2016-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257240
|
6.5 |
MEDIUM
Network
|
tats
|
w3m
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-9632
|
2024-11-21 12:01 |
2016-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
