|
265851
|
8.8 |
HIGH
Network
|
kallithea-scm
|
kallithea
|
Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method.
|
CWE-352
Origin Validation Error
|
CVE-2016-3691
|
2024-11-21 11:50 |
2017-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265852
|
5.3 |
MEDIUM
Network
|
redhat
|
cloudforms_management_engine
|
Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.
|
CWE-200
Information Exposure
|
CVE-2016-3702
|
2024-11-21 11:50 |
2017-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265853
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack t…
|
CWE-352
Origin Validation Error
|
CVE-2016-3734
|
2024-11-21 11:50 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265854
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.
|
CWE-284
Improper Access Control
|
CVE-2016-3733
|
2024-11-21 11:50 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265855
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of…
|
CWE-200
Information Exposure
|
CVE-2016-3732
|
2024-11-21 11:50 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265856
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.
|
CWE-200
Information Exposure
|
CVE-2016-3731
|
2024-11-21 11:50 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265857
|
6.5 |
MEDIUM
Network
|
moodle
|
moodle
|
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the admini…
|
CWE-284
Improper Access Control
|
CVE-2016-3729
|
2024-11-21 11:50 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265858
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
|
Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value i…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-3740
|
2024-11-21 11:50 |
2017-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265859
|
9.8 |
CRITICAL
Network
|
modified
|
ecommerce_shopsoftware
|
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands vi…
|
CWE-89
SQL Injection
|
CVE-2016-3694
|
2024-11-21 11:50 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265860
|
8.8 |
HIGH
Network
|
libjpeg-turbo
redhat
debian
canonical
|
libjpeg-turbo
enterprise_linux
debian_linux
ubuntu_linux
|
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-3616
|
2024-11-21 11:50 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
