|
265341
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
|
CWE-89
SQL Injection
|
CVE-2016-3172
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265342
|
7.8 |
HIGH
Local
|
xen
canonical
|
xen
ubuntu_linux
|
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3157
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265343
|
8.1 |
HIGH
Network
|
drupal
debian
|
drupal
debian_linux
|
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data trunc…
|
CWE-19
Data Processing Errors
|
CVE-2016-3171
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265344
|
5.3 |
MEDIUM
Network
|
debian
drupal
|
debian_linux
drupal
|
The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configur…
|
CWE-200
Information Exposure
|
CVE-2016-3170
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265345
|
8.1 |
HIGH
Network
|
debian
drupal
|
debian_linux
drupal
|
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit ca…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3169
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265346
|
6.4 |
MEDIUM
Network
|
drupal
debian
|
drupal
debian_linux
|
The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrar…
|
CWE-254
7PK - Security Features
|
CVE-2016-3168
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265347
|
7.4 |
HIGH
Network
|
drupal
debian
|
drupal
debian_linux
|
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishi…
|
NVD-CWE-Other
|
CVE-2016-3167
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265348
|
5.9 |
MEDIUM
Network
|
debian
drupal
|
debian_linux
drupal
|
CRLF injection vulnerability in the drupal_set_header function in Drupal 6.x before 6.38, when used with PHP before 5.1.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP re…
|
NVD-CWE-Other
|
CVE-2016-3166
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265349
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
The Form API in Drupal 6.x before 6.38 ignores access restrictions on submit buttons, which might allow remote attackers to bypass intended access restrictions by leveraging permission to submit a fo…
|
CWE-284
Improper Access Control
|
CVE-2016-3165
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265350
|
7.4 |
HIGH
Network
|
drupal
debian
|
drupal
debian_linux
|
Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, rela…
|
NVD-CWE-Other
|
CVE-2016-3164
|
2024-11-21 11:49 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
