|
267921
|
8.8 |
HIGH
Network
|
golf_project
|
golf
|
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requ…
|
CWE-352
Origin Validation Error
|
CVE-2016-15005
|
2024-11-21 11:45 |
2022-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267922
|
9.8 |
CRITICAL
Network
|
revmakx
|
infinitewp_client
|
A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection.…
|
-
|
CVE-2016-15004
|
2024-11-21 11:45 |
2022-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267923
|
7.8 |
HIGH
Local
|
filezilla-project
|
filezilla_client
|
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of t…
|
CWE-428
Unquoted Search Path or Element
|
CVE-2016-15003
|
2024-11-21 11:45 |
2022-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267924
|
8.8 |
HIGH
Network
|
ideracorp
|
webyog_monyog_ultimate
|
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAd…
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2016-15002
|
2024-11-21 11:45 |
2022-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267925
|
7.4 |
HIGH
Network
|
oauth-ruby_project
|
oauth-ruby
|
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-11086
|
2024-11-21 11:45 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267926
|
6.5 |
MEDIUM
Network
|
expresstech
|
quiz_and_survey_master
|
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishan…
|
CWE-352
CWE-79
Origin Validation Error
Cross-site Scripting
|
CVE-2016-11085
|
2024-11-21 11:45 |
2020-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267927
|
6.1 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2016-11084
|
2024-11-21 11:45 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267928
|
6.1 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.
|
CWE-79
Cross-site Scripting
|
CVE-2016-11083
|
2024-11-21 11:45 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267929
|
6.1 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.
|
CWE-79
Cross-site Scripting
|
CVE-2016-11082
|
2024-11-21 11:45 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267930
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.
|
CWE-200
Information Exposure
|
CVE-2016-11081
|
2024-11-21 11:45 |
2020-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
