|
267141
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL inf…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-2190
|
2024-11-21 11:48 |
2016-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267142
|
8.6 |
HIGH
Network
|
wordpress
|
wordpress
|
The wp_http_validate_url function in wp-includes/http.php in WordPress before 4.4.2 allows remote attackers to conduct server-side request forgery (SSRF) attacks via a zero value in the first octet o…
|
NVD-CWE-Other
|
CVE-2016-2222
|
2024-11-21 11:48 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267143
|
7.4 |
HIGH
Network
|
wordpress
|
wordpress
|
Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct ph…
|
NVD-CWE-Other
|
CVE-2016-2221
|
2024-11-21 11:48 |
2016-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267144
|
9.1 |
CRITICAL
Network
|
symantec
|
anti-virus_engine
|
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system …
|
CWE-399
Resource Management Errors
|
CVE-2016-2208
|
2024-11-21 11:48 |
2016-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267145
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attackers to cause a denial of service (application crash) or possibly have…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-2554
|
2024-11-21 11:48 |
2016-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267146
|
9.8 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to obtain sensitive cleartext information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-2298
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267147
|
9.4 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows remote attackers to execute arbitrary commands via an "access command shell-like feature."
|
NVD-CWE-noinfo
|
CVE-2016-2297
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267148
|
9.4 |
CRITICAL
Network
|
meteocontrol
|
web\'log_pro
web\'log_pro_unlimited
web\'log_basic_100
web\'log_light
|
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify dat…
|
CWE-254
7PK - Security Features
|
CVE-2016-2296
|
2024-11-21 11:48 |
2016-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267149
|
6.5 |
MEDIUM
Network
|
openafs
debian
|
openafs
debian_linux
|
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups …
|
CWE-284
Improper Access Control
|
CVE-2016-2860
|
2024-11-21 11:48 |
2016-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267150
|
7.5 |
HIGH
Network
|
fedoraproject
botan_project
|
fedora
botan
|
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2016-2850
|
2024-11-21 11:48 |
2016-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
