|
267841
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10202
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267842
|
6.1 |
MEDIUM
Network
|
zoneminder
|
zoneminder
|
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10201
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267843
|
9.8 |
CRITICAL
Network
|
festivaltts4r_project
|
festivaltts4r
|
The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb.
|
CWE-77
Command Injection
|
CVE-2016-10194
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267844
|
9.8 |
CRITICAL
Network
|
espeak-ruby_project
|
espeak-ruby
|
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech…
|
CWE-284
Improper Access Control
|
CVE-2016-10193
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267845
|
9.0 |
CRITICAL
Network
|
pysaml2_project
|
pysaml2
|
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
|
CWE-611
XXE
|
CVE-2016-10127
|
2024-11-21 11:43 |
2017-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267846
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-10071
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267847
|
5.5 |
MEDIUM
Local
|
imagemagick
opensuse_project
|
imagemagick
leap
|
coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames.
|
CWE-20
Improper Input Validation
|
CVE-2016-10069
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267848
|
5.5 |
MEDIUM
Local
|
imagemagick
opensuse_project
opensuse
|
imagemagick
leap
|
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
|
CWE-20
Improper Input Validation
|
CVE-2016-10068
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267849
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10067
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267850
|
7.8 |
HIGH
Local
|
imagemagick
opensuse
|
imagemagick
leap
|
Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10064
|
2024-11-21 11:43 |
2017-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
