|
265611
|
8.1 |
HIGH
Network
|
pivotal_software
cloudfoundry
|
cloud_foundry
cloud_foundry_uaa
cloud_foundry_elastic_runtime
login-server
cloud_foundry_uaa_bosh
|
The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3084
|
2024-11-21 11:49 |
2017-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265612
|
8.8 |
HIGH
Network
|
synacor
|
zimbra_collaboration_suite
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for …
|
CWE-352
Origin Validation Error
|
CVE-2016-3403
|
2024-11-21 11:49 |
2017-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265613
|
5.4 |
MEDIUM
Network
|
ibm
|
cognos_analytics
|
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially …
|
CWE-79
Cross-site Scripting
|
CVE-2016-3032
|
2024-11-21 11:49 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265614
|
7.5 |
HIGH
Network
|
ibm
|
bigfix_remote_control
|
IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512.
|
CWE-284
Improper Access Control
|
CVE-2016-2930
|
2024-11-21 11:49 |
2017-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265615
|
6.5 |
MEDIUM
Network
|
kallithea
|
kallithea
|
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3114
|
2024-11-21 11:49 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265616
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-3076
|
2024-11-21 11:49 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265617
|
9.8 |
CRITICAL
Network
|
shopware
|
shopware
|
The backend/Login/load/ script in Shopware before 5.1.5 allows remote attackers to execute arbitrary code.
|
CWE-20
Improper Input Validation
|
CVE-2016-3109
|
2024-11-21 11:49 |
2017-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265618
|
9.8 |
CRITICAL
Network
|
cygwin
|
cygwin
|
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-3067
|
2024-11-21 11:49 |
2017-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265619
|
5.4 |
MEDIUM
Network
|
ibm
|
cognos_business_intelligence
|
IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential…
|
CWE-79
Cross-site Scripting
|
CVE-2016-3038
|
2024-11-21 11:49 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265620
|
5.7 |
MEDIUM
Network
|
ibm
|
cognos_business_intelligence
|
IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's password with a valid session key. An authenticated attacker with user interaction could obtain this sensitive information. IBM …
|
CWE-200
Information Exposure
|
CVE-2016-3037
|
2024-11-21 11:49 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
