| 258041 | 6.1 | MEDIUM Network | spip | spip | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. | CWE-79 Cross-site Scripting | CVE-2016-9997 | 2024-11-21 12:02 | 2016-12-17 |
| 258042 | 6.5 | MEDIUM Network | apport_project | apport | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click… | CWE-284 Improper Access Control | CVE-2016-9951 | 2024-11-21 12:02 | 2016-12-17 |
| 258043 | 7.8 | HIGH Local | apport_project canonical | apport ubuntu_linux | An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package sp… | CWE-22 Path Traversal | CVE-2016-9950 | 2024-11-21 12:02 | 2016-12-17 |
| 258044 | 7.8 | HIGH Local | apport_project canonical | apport ubuntu_linux | An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers t… | CWE-94 Code Injection | CVE-2016-9949 | 2024-11-21 12:02 | 2016-12-17 |
| 258045 | 9.8 | CRITICAL Network | samsung | samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re… | CWE-388 7PK - Errors | CVE-2016-9967 | 2024-11-21 12:02 | 2016-12-16 |
| 258046 | 9.8 | CRITICAL Network | samsung | samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re… | CWE-388 7PK - Errors | CVE-2016-9966 | 2024-11-21 12:02 | 2016-12-16 |
| 258047 | 9.8 | CRITICAL Network | samsung | samsung_mobile | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re… | CWE-388 7PK - Errors | CVE-2016-9965 | 2024-11-21 12:02 | 2016-12-16 |
| 258048 | 6.5 | MEDIUM Network | bottlepy debian | bottle debian_linux | redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call. | CWE-93 CRLF Injection | CVE-2016-9964 | 2024-11-21 12:02 | 2016-12-16 |
| 258049 | 5.3 | MEDIUM Network | digium | asterisk certified_asterisk | An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_si… | CWE-285 Improper Authorization | CVE-2016-9938 | 2024-11-21 12:02 | 2016-12-13 |
| 258050 | 7.5 | HIGH Network | digium | asterisk | An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x before 13.13.1 and 14.x before 14.2.1. If an SDP offer or answer is received with the Opus codec and with the format parameters sep… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2016-9937 | 2024-11-21 12:02 | 2016-12-13 |