| 266201 | 5.5 MEDIUM | Local | openbsd | openssh | authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging … | CWE-320 Key Management Errors | CVE-2016-10011 | 2024-11-21 11:43 | 2017-01-5 |
| 266202 | 7.0 HIGH | Local | openbsd | openssh | sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-10010 | 2024-11-21 11:43 | 2017-01-5 |
| 266203 | 7.3 HIGH | Network | openbsd | openssh | Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-s… | CWE-426 Untrusted Search Path | CVE-2016-10009 | 2024-11-21 11:43 | 2017-01-5 |
| 266204 | 8.1 HIGH | Network | netgear | arlo_base_station_firmware arlo_q_camera_firmware arlo_q_plus_camera_firmware | NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adj… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-10116 | 2024-11-21 11:43 | 2017-01-4 |
| 266205 | 9.8 CRITICAL | Network | netgear | arlo_base_station_firmware arlo_q_camera_firmware arlo_q_plus_camera_firmware | NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default passw… | CWE-798 Use of Hard-coded Credentials | CVE-2016-10115 | 2024-11-21 11:43 | 2017-01-4 |
| 266206 | 9.8 CRITICAL | Network | awebsupport | aweb_cart_watching_system_for_virtuemart | SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving catego… | CWE-89 SQL Injection | CVE-2016-10114 | 2024-11-21 11:43 | 2017-01-4 |
| 266207 | 4.8 MEDIUM | Network | woocommerce | woocommerce | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted ta… | CWE-79 Cross-site Scripting | CVE-2016-10112 | 2024-11-21 11:43 | 2017-01-4 |
| 266208 | 9.8 CRITICAL | Network | western_digital | mycloud_nas | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | CWE-77 Command Injection | CVE-2016-10108 | 2024-11-21 11:43 | 2017-01-3 |
| 266209 | 9.8 CRITICAL | Network | western_digital | mycloud_nas | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | CWE-77 Command Injection | CVE-2016-10107 | 2024-11-21 11:43 | 2017-01-3 |
| 266210 | 6.5 MEDIUM | Network | netgear | fvs336gv3_firmware srx5308_firmware fvs318gv2_firmware fvs318n_firmware | Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitra… | CWE-22 Path Traversal | CVE-2016-10106 | 2024-11-21 11:43 | 2017-01-3 |