|
266221
|
7.2 |
HIGH
Network
|
piwigo
|
piwigo
|
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
|
CWE-284
Improper Access Control
|
CVE-2016-10084
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266222
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a cert…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10083
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266223
|
9.8 |
CRITICAL
Network
|
s9y
|
serendipity
|
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the…
|
CWE-284
Improper Access Control
|
CVE-2016-10082
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266224
|
7.8 |
HIGH
Local
|
shutter-project
|
shutter
|
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
|
CWE-19
Data Processing Errors
|
CVE-2016-10081
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266225
|
7.5 |
HIGH
Local
|
wampserver
|
wampserver
|
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10072
|
2024-11-21 11:43 |
2016-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266226
|
7.5 |
HIGH
Local
|
wampserver
|
wampserver
|
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10031
|
2024-11-21 11:43 |
2016-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266227
|
6.1 |
MEDIUM
Network
|
antisamy_project
|
antisamy
|
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impac…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10006
|
2024-11-21 11:43 |
2016-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266228
|
7.5 |
HIGH
Network
|
sprecher-automation
|
sprecon-e_service_program
|
An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10041
|
2024-11-21 11:43 |
2016-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266229
|
7.3 |
HIGH
Network
|
modx
|
modx_revolution
|
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to …
|
CWE-22
Path Traversal
|
CVE-2016-10039
|
2024-11-21 11:43 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266230
|
7.3 |
HIGH
Network
|
modx
|
modx_revolution
|
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to …
|
CWE-22
Path Traversal
|
CVE-2016-10038
|
2024-11-21 11:43 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
