|
266341
|
7.8 |
HIGH
Local
|
emc
|
avamar_server
|
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the su…
|
CWE-77
Command Injection
|
CVE-2016-0920
|
2024-11-21 11:42 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266342
|
9.8 |
CRITICAL
Network
|
emc
|
vnx1_oe_firmware
vnx2_oe_firmware
vnxe_oe_firmware
|
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE befor…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-0917
|
2024-11-21 11:42 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266343
|
6.7 |
MEDIUM
Local
|
emc
|
avamar_server
|
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-0905
|
2024-11-21 11:42 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266344
|
8.6 |
HIGH
Network
|
emc
|
avamar_server
|
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to …
|
CWE-310
CWE-200
Cryptographic Issues
Information Exposure
|
CVE-2016-0904
|
2024-11-21 11:42 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266345
|
9.1 |
CRITICAL
Network
|
emc
|
avamar_server
|
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data …
|
CWE-200
Information Exposure
|
CVE-2016-0903
|
2024-11-21 11:42 |
2016-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266346
|
5.3 |
MEDIUM
Network
|
trane
|
tracer_sc
|
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request.
|
CWE-200
Information Exposure
|
CVE-2016-0870
|
2024-11-21 11:42 |
2016-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266347
|
9.8 |
CRITICAL
Network
|
pivotal
|
operations_manager
|
Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH …
|
CWE-362
Race Condition
|
CVE-2016-0930
|
2024-11-21 11:42 |
2016-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266348
|
7.5 |
HIGH
Network
|
pivotal_software
|
rabbitmq
|
The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed commands, which might allow context-dependent attackers to obtain sensitiv…
|
CWE-200
Information Exposure
|
CVE-2016-0929
|
2024-11-21 11:42 |
2016-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266349
|
7.4 |
HIGH
Network
|
pivotal
|
cloud_foundry_elastic_runtime
|
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct …
|
CWE-601
Open Redirect
|
CVE-2016-0928
|
2024-11-21 11:42 |
2016-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266350
|
6.1 |
MEDIUM
Network
|
pivotal_software
|
cloud_foundry_elastic_runtime
|
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-0927
|
2024-11-21 11:42 |
2016-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
