|
265941
|
7.2 |
HIGH
Network
|
virtuemart
|
virtuemart
|
The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to…
|
CWE-89
SQL Injection
|
CVE-2016-10379
|
2024-11-21 11:43 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265942
|
7.2 |
HIGH
Network
|
e107
|
e107
|
e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
|
CWE-89
SQL Injection
|
CVE-2016-10378
|
2024-11-21 11:43 |
2017-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265943
|
8.8 |
HIGH
Adjacent
|
openvswitch
|
openvswitch
|
In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extrac…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10377
|
2024-11-21 11:43 |
2017-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265944
|
4.5 |
MEDIUM
Network
|
gajim
|
gajim
|
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypte…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10376
|
2024-11-21 11:43 |
2017-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265945
|
9.8 |
CRITICAL
Network
|
yodl_project
|
yodl
|
Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10375
|
2024-11-21 11:43 |
2017-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265946
|
7.5 |
HIGH
Network
|
vanillaforums
|
vanilla
|
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr…
|
CWE-200
Information Exposure
|
CVE-2016-10073
|
2024-11-21 11:43 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265947
|
5.5 |
MEDIUM
Local
|
perltidy_project
|
perltidy
|
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protect…
|
CWE-59
Link Following
|
CVE-2016-10374
|
2024-11-21 11:43 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265948
|
9.8 |
CRITICAL
Network
|
eir
|
d1000_modem_firmware
|
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10372
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265949
|
7.0 |
HIGH
Local
|
google
|
android
|
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
|
CWE-362
Race Condition
|
CVE-2016-10242
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265950
|
7.8 |
HIGH
Local
|
google
|
android
|
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a …
|
CWE-119
CWE-190
Incorrect Access of Indexable Resource ('Range Error')
Integer Overflow or Wraparound
|
CVE-2016-10239
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
