|
266951
|
4.7 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS)…
|
CWE-79
Cross-site Scripting
|
CVE-2016-2784
|
2024-11-21 11:48 |
2016-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266952
|
7.8 |
HIGH
Local
|
huawei
|
mobile_broadband_hl_service
|
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2855
|
2024-11-21 11:48 |
2016-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266953
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL inf…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2190
|
2024-11-21 11:48 |
2016-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266954
|
8.6 |
HIGH
Network
|
wordpress
|
wordpress
|
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet o…
|
NVD-CWE-Other
|
CVE-2016-2222
|
2024-11-21 11:48 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266955
|
7.4 |
HIGH
Network
|
wordpress
|
wordpress
|
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct ph…
|
NVD-CWE-Other
|
CVE-2016-2221
|
2024-11-21 11:48 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266956
|
9.1 |
CRITICAL
Network
|
symantec
|
anti-virus_engine
|
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system …
|
CWE-399
Resource Management Errors
|
CVE-2016-2208
|
2024-11-21 11:48 |
2016-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266957
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2554
|
2024-11-21 11:48 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266958
|
9.8 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-2298
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266959
|
9.4 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
|
NVD-CWE-noinfo
|
CVE-2016-2297
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266960
|
9.4 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify dat…
|
CWE-254
7PK - Security Features
|
CVE-2016-2296
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
