|
269271
|
7.5 |
HIGH
Network
|
vanillaforums
|
vanilla
|
The from method in library/core/class.email.php in Vanilla Forums before 2.3.1 allows remote attackers to spoof the email domain in sent messages and potentially obtain sensitive information via a cr…
|
CWE-200
Information Exposure
|
CVE-2016-10073
|
2024-11-21 11:43 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269272
|
5.5 |
MEDIUM
Local
|
perltidy_project
|
perltidy
|
perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protect…
|
CWE-59
Link Following
|
CVE-2016-10374
|
2024-11-21 11:43 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269273
|
9.8 |
CRITICAL
Network
|
eir
|
d1000_modem_firmware
|
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10372
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269274
|
7.0 |
HIGH
Local
|
google
|
android
|
A time-of-check time-of-use race condition could potentially exist in the secure file system in all Android releases from CAF using the Linux kernel.
|
CWE-362
Race Condition
|
CVE-2016-10242
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269275
|
7.8 |
HIGH
Local
|
google
|
android
|
In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a …
|
CWE-119
CWE-190
Incorrect Access of Indexable Resource ('Range Error')
Integer Overflow or Wraparound
|
CVE-2016-10239
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269276
|
7.8 |
HIGH
Local
|
google
|
android
|
In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10238
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269277
|
7.8 |
HIGH
Local
|
google
|
android
|
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not …
|
CWE-284
Improper Access Control
|
CVE-2016-10237
|
2024-11-21 11:43 |
2017-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269278
|
7.5 |
HIGH
Network
|
synology
|
photo_station
|
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.
|
CWE-22
Path Traversal
|
CVE-2016-10331
|
2024-11-21 11:43 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269279
|
7.1 |
HIGH
Local
|
synology
|
photo_station
|
Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2016-10330
|
2024-11-21 11:43 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269280
|
9.8 |
CRITICAL
Network
|
synology
|
photo_station
|
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' he…
|
CWE-77
Command Injection
|
CVE-2016-10329
|
2024-11-21 11:43 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
