|
266101
|
9.8 |
CRITICAL
Network
|
zoneminder
|
zoneminder
|
SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.
|
CWE-89
SQL Injection
|
CVE-2016-10204
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266102
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10203
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266103
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10202
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266104
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10201
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266105
|
9.8 |
CRITICAL
Network
|
festivaltts4r_project
|
festivaltts4r
|
The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.
|
CWE-77
Command Injection
|
CVE-2016-10194
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266106
|
9.8 |
CRITICAL
Network
|
espeak-ruby_project
|
espeak-ruby
|
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech…
|
CWE-284
Improper Access Control
|
CVE-2016-10193
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266107
|
9.0 |
CRITICAL
Network
|
pysaml2_project
|
pysaml2
|
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
|
CWE-611
XXE
|
CVE-2016-10127
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266108
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-10071
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266109
|
5.5 |
MEDIUM
Local
|
imagemagick
opensuse_project
|
imagemagick
leap
|
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
|
CWE-20
Improper Input Validation
|
CVE-2016-10069
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266110
|
5.5 |
MEDIUM
Local
|
imagemagick
opensuse_project
opensuse
|
imagemagick
leap
|
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
|
CWE-20
Improper Input Validation
|
CVE-2016-10068
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
