| 265351 | 7.5 | HIGH Network | debian drupal | debian_linux drupal | The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might make it easier for remote attackers to conduct brute-force attacks via a large number of calls made at once to the same method. | CWE-254 (7PK - Security Features) | CVE-2016-3163 | 2024-11-21 11:49 | 2016-04-13 |
| 265352 | 8.1 | HIGH Network | drupal debian | drupal debian_linux | The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unproces… | CWE-284 (Improper Access Control) | CVE-2016-3162 | 2024-11-21 11:49 | 2016-04-13 |
| 265353 | 9.1 | CRITICAL Network | postgresql | postgresql | The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequent… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2016-3065 | 2024-11-21 11:49 | 2016-04-12 |
| 265354 | 7.3 | HIGH Network | prepopulate_project | prepopulate | The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) passw… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2016-3188 | 2024-11-21 11:49 | 2016-04-8 |
| 265355 | 7.3 | HIGH Network | prepopulate_project | prepopulate | The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2016-3187 | 2024-11-21 11:49 | 2016-04-8 |
| 265356 | 9.8 | CRITICAL Network | spip | spip | The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to conduct PHP object injection attacks and… | CWE-94 (Code Injection) | CVE-2016-3154 | 2024-11-21 11:49 | 2016-04-8 |
| 265357 | 9.8 | CRITICAL Network | debian spip | debian_linux spip | SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 allows remote attackers to execute arbitrary PHP code by adding content, related to the filtrer_entites function. | CWE-94 (Code Injection) | CVE-2016-3153 | 2024-11-21 11:49 | 2016-04-8 |
| 265358 | 6.5 | MEDIUM Network | broadcom | api_gateway | CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified imp… | NVD-CWE-Other | CVE-2016-3118 | 2024-11-21 11:49 | 2016-04-6 |
| 265359 | 7.5 | HIGH Network | proftpd opensuse fedoraproject | proftpd opensuse fedora | The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be use… | CWE-310 (Cryptographic Issues), CWE-254 (7PK - Security Features) | CVE-2016-3125 | 2024-11-21 11:49 | 2016-04-6 |
| 265360 | 8.2 | HIGH Network | php apple | php mac_os_x | The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a deni… | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2016-3142 | 2024-11-21 11:49 | 2016-04-1 |