|
265911
|
7.8 |
HIGH
Local
|
avira
|
antivirus
|
Avira Antivirus engine versions before 8.3.36.60 allow remote code execution as NT AUTHORITY\SYSTEM via a section header with a very large relative virtual address in a PE file, causing an integer ov…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10402
|
2024-11-21 11:43 |
2017-07-27 |
|
265912
|
8.8 |
HIGH
Network
|
zyxel
|
pk5001z_firmware
|
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists …
|
CWE-255
Credentials Management
|
CVE-2016-10401
|
2024-11-21 11:43 |
2017-07-26 |
|
265913
|
7.5 |
HIGH
Network
|
atutor
|
atutor
|
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= af…
|
CWE-22
Path Traversal
|
CVE-2016-10400
|
2024-11-21 11:43 |
2017-07-23 |
|
265914
|
6.2 |
MEDIUM
Physical
|
google
|
android
|
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10398
|
2024-11-21 11:43 |
2017-07-17 |
|
265915
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.e…
|
CWE-20
Improper Input Validation
|
CVE-2016-10397
|
2024-11-21 11:43 |
2017-07-10 |
|
265916
|
7.5 |
HIGH
Network
|
ipsec-tools
|
ipsec-tools
|
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhau…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2016-10396
|
2024-11-21 11:43 |
2017-07-06 |
|
265917
|
7.5 |
HIGH
Network
|
arcadyan
|
swisscom_internet-box_firmware
|
Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticat…
|
CWE-284
Improper Access Control
|
CVE-2016-10042
|
2024-11-21 11:43 |
2017-06-29 |
|
265918
|
6.1 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10366
|
2024-11-21 11:43 |
2017-06-17 |
|
265919
|
6.1 |
MEDIUM
Network
|
elastic
|
kibana
|
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website.
|
CWE-601
Open Redirect
|
CVE-2016-10365
|
2024-11-21 11:43 |
2017-06-17 |
|
265920
|
6.5 |
MEDIUM
Network
|
elastic
|
kibana
|
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those se…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10364
|
2024-11-21 11:43 |
2017-06-17 |