|
268221
|
8.8 |
HIGH
Network
|
hitachivantara
|
pentaho_business_analytics
|
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.
|
CWE-352
Origin Validation Error
|
CVE-2016-10701
|
2024-11-21 11:44 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268222
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10700
|
2024-11-21 11:44 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268223
|
6.1 |
MEDIUM
Network
|
dlink
|
dsl-2740e_firmware
|
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in the…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10699
|
2024-11-21 11:44 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268224
|
7.4 |
HIGH
Network
|
redislabs
|
redis
|
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack …
|
CWE-254
7PK - Security Features
|
CVE-2016-10517
|
2024-11-21 11:44 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268225
|
6.1 |
MEDIUM
Network
|
palletsprojects
|
werkzeug
|
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10516
|
2024-11-21 11:44 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268226
|
6.1 |
MEDIUM
Network
|
redmine
|
redmine
|
In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10515
|
2024-11-21 11:44 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268227
|
6.5 |
MEDIUM
Network
|
piwigo
|
piwigo
|
url_check_format in include/functions.inc.php in Piwigo before 2.8.3 allows remote attackers to bypass intended access restrictions via a URL that contains a " character, or a URL beginning with a su…
|
CWE-284
Improper Access Control
|
CVE-2016-10514
|
2024-11-21 11:44 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268228
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10513
|
2024-11-21 11:44 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268229
|
9.8 |
CRITICAL
Network
|
multitech
|
faxfinder
|
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP con…
|
CWE-255
Credentials Management
|
CVE-2016-10512
|
2024-11-21 11:44 |
2017-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268230
|
5.9 |
MEDIUM
Network
|
twitter
|
twitter
|
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the abili…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-10511
|
2024-11-21 11:44 |
2017-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
