| 264691 | 7.2 | HIGH Network | fortinet | fortiwlc | Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. | CWE-200 Information Exposure | CVE-2016-7561 | 2024-11-21 11:58 | 2016-10-6 |
| 264692 | 9.8 | CRITICAL Network | fortinet | fortiwlc | The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrar… | CWE-798 Use of Hard-coded Credentials | CVE-2016-7560 | 2024-11-21 11:58 | 2016-10-6 |
| 264693 | 9.1 | CRITICAL Network | sap | netweaver | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-7435 | 2024-11-21 11:58 | 2016-10-6 |
| 264694 | 4.3 | MEDIUM Network | drupal | drupal | The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions an… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-7572 | 2024-11-21 11:58 | 2016-10-4 |
| 264695 | 6.1 | MEDIUM Network | drupal | drupal | Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception. | CWE-79 Cross-site Scripting | CVE-2016-7571 | 2024-11-21 11:58 | 2016-10-4 |
| 264696 | 4.3 | MEDIUM Network | drupal | drupal | Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging righ… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2016-7570 | 2024-11-21 11:58 | 2016-10-4 |
| 264697 | 7.5 | HIGH Network | uclouvain opensuse | openjpeg leap | convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. | CWE-476 NULL Pointer Dereference | CVE-2016-7445 | 2024-11-21 11:58 | 2016-10-4 |
| 264698 | 4.4 | MEDIUM Local | sophos | unified_threat_management_software | The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in … | CWE-200 Information Exposure | CVE-2016-7442 | 2024-11-21 11:58 | 2016-10-4 |
| 264699 | 9.8 | CRITICAL Network | libgd php debian | libgd php debian_linux | Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service … | CWE-190 Integer Overflow or Wraparound | CVE-2016-7568 | 2024-11-21 11:58 | 2016-09-29 |
| 264700 | 6.5 | MEDIUM Network | openstack | compute_(nova) | OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances wh… | CWE-399 Resource Management Errors | CVE-2016-7498 | 2024-11-21 11:58 | 2016-09-28 |