|
266211
|
9.8 |
CRITICAL
Network
|
piwigo
|
piwigo
|
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2016-10105
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266212
|
5.3 |
MEDIUM
Network
|
borg
|
borg
|
Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.
|
CWE-20
Improper Input Validation
|
CVE-2016-10100
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266213
|
5.3 |
MEDIUM
Network
|
borg_project
|
borg
|
Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.
|
CWE-310
Cryptographic Issues
|
CVE-2016-10099
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266214
|
7.5 |
HIGH
Network
|
forgerock
|
openam
|
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
|
CWE-611
XXE
|
CVE-2016-10097
|
2024-11-21 11:43 |
2017-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266215
|
7.3 |
HIGH
Network
|
genixcms
|
genixcms
|
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
|
CWE-89
SQL Injection
|
CVE-2016-10096
|
2024-11-21 11:43 |
2017-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266216
|
9.8 |
CRITICAL
Network
|
swiftmailer
|
swiftmailer
|
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code v…
|
CWE-77
Command Injection
|
CVE-2016-10074
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266217
|
9.8 |
CRITICAL
Network
|
phpmailer_project
wordpress
joomla
|
phpmailer
wordpress
joomla\!
|
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction be…
|
CWE-77
Command Injection
|
CVE-2016-10045
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266218
|
9.8 |
CRITICAL
Network
|
zend
|
zend_framework
zend-mail
|
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extr…
|
CWE-77
Command Injection
|
CVE-2016-10034
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266219
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitra…
|
CWE-416
Use After Free
|
CVE-2016-10088
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266220
|
7.2 |
HIGH
Network
|
piwigo
|
piwigo
|
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
|
CWE-284
Improper Access Control
|
CVE-2016-10085
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
