|
269081
|
9.8 |
CRITICAL
Network
|
phpmailer_project
wordpress
joomla
|
phpmailer
wordpress
joomla\!
|
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction be…
|
CWE-77
Command Injection
|
CVE-2016-10045
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269082
|
9.8 |
CRITICAL
Network
|
zend
|
zend_framework
zend-mail
|
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extr…
|
CWE-77
Command Injection
|
CVE-2016-10034
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269083
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitra…
|
CWE-416
Use After Free
|
CVE-2016-10088
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269084
|
7.2 |
HIGH
Network
|
piwigo
|
piwigo
|
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
|
CWE-284
Improper Access Control
|
CVE-2016-10085
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269085
|
7.2 |
HIGH
Network
|
piwigo
|
piwigo
|
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
|
CWE-284
Improper Access Control
|
CVE-2016-10084
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269086
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a cert…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10083
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269087
|
9.8 |
CRITICAL
Network
|
s9y
|
serendipity
|
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the…
|
CWE-284
Improper Access Control
|
CVE-2016-10082
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269088
|
7.8 |
HIGH
Local
|
shutter-project
|
shutter
|
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
|
CWE-19
Data Processing Errors
|
CVE-2016-10081
|
2024-11-21 11:43 |
2016-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269089
|
7.5 |
HIGH
Local
|
wampserver
|
wampserver
|
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10072
|
2024-11-21 11:43 |
2016-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269090
|
7.5 |
HIGH
Local
|
wampserver
|
wampserver
|
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10031
|
2024-11-21 11:43 |
2016-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
