|
267961
|
9.8 |
CRITICAL
Network
|
s9y
|
serendipity
|
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the…
|
CWE-284
Improper Access Control
|
CVE-2016-10082
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267962
|
7.8 |
HIGH
Local
|
shutter-project
|
shutter
|
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
|
CWE-19
Data Processing Errors
|
CVE-2016-10081
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267963
|
7.5 |
HIGH
Local
|
wampserver
|
wampserver
|
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10072
|
2024-11-21 11:43 |
2016-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267964
|
7.5 |
HIGH
Local
|
wampserver
|
wampserver
|
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10031
|
2024-11-21 11:43 |
2016-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267965
|
6.1 |
MEDIUM
Network
|
antisamy_project
|
antisamy
|
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impac…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10006
|
2024-11-21 11:43 |
2016-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267966
|
7.5 |
HIGH
Network
|
sprecher-automation
|
sprecon-e_service_program
|
An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10041
|
2024-11-21 11:43 |
2016-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267967
|
7.3 |
HIGH
Network
|
modx
|
modx_revolution
|
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to …
|
CWE-22
Path Traversal
|
CVE-2016-10039
|
2024-11-21 11:43 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267968
|
7.3 |
HIGH
Network
|
modx
|
modx_revolution
|
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted dir parameter, related to …
|
CWE-22
Path Traversal
|
CVE-2016-10038
|
2024-11-21 11:43 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267969
|
7.3 |
HIGH
Network
|
modx
|
modx_revolution
|
Directory traversal in /connectors/index.php in MODX Revolution before 2.5.2-pl allows remote attackers to perform local file inclusion/traversal/manipulation via a crafted id (aka dir) parameter, re…
|
CWE-22
Path Traversal
|
CVE-2016-10037
|
2024-11-21 11:43 |
2016-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267970
|
7.5 |
HIGH
Network
|
sap
|
solution_manager
|
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524.
|
CWE-200
Information Exposure
|
CVE-2016-10005
|
2024-11-21 11:43 |
2016-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
