|
265271
|
5.3 |
MEDIUM
Network
|
plone
|
plone
|
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-4042
|
2024-11-21 11:51 |
2017-02-25 |
|
265272
|
7.3 |
HIGH
Network
|
plone
|
plone
|
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4041
|
2024-11-21 11:51 |
2017-02-25 |
|
265273
|
6.1 |
MEDIUM
Network
|
wso2
|
enablement_server_for_java
|
Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4327
|
2024-11-21 11:51 |
2017-02-17 |
|
265274
|
6.1 |
MEDIUM
Network
|
wso2
|
carbon
|
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4316
|
2024-11-21 11:51 |
2017-02-17 |
|
265275
|
5.7 |
MEDIUM
Network
|
wso2
|
carbon
|
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action…
|
CWE-352
Origin Validation Error
|
CVE-2016-4315
|
2024-11-21 11:51 |
2017-02-17 |
|
265276
|
4.9 |
MEDIUM
Network
|
wso2
|
carbon
|
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to…
|
CWE-22
Path Traversal
|
CVE-2016-4314
|
2024-11-21 11:51 |
2017-02-17 |
|
265277
|
7.5 |
HIGH
Network
|
wso2
|
identity_server
|
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to …
|
CWE-611
XXE
|
CVE-2016-4312
|
2024-11-21 11:51 |
2017-02-17 |
|
265278
|
8.8 |
HIGH
Network
|
wso2
|
identity_server
|
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proc…
|
CWE-352
Origin Validation Error
|
CVE-2016-4311
|
2024-11-21 11:51 |
2017-02-17 |
|
265279
|
7.5 |
HIGH
Network
|
cryptopp
|
crypto\+\+
|
The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows atta…
|
CWE-200
Information Exposure
|
CVE-2016-3995
|
2024-11-21 11:51 |
2017-02-14 |
|
265280
|
7.5 |
HIGH
Network
|
netapp
|
clustered_data_ontap
|
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-4341
|
2024-11-21 11:51 |
2017-02-8 |