|
268671
|
7.5 |
HIGH
Network
|
jquery
|
jquery
|
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an i…
|
CWE-674
Uncontrolled Recursion
|
CVE-2016-10707
|
2024-11-21 11:44 |
2018-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268672
|
6.1 |
MEDIUM
Network
|
automattic
|
jetpack
|
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10706
|
2024-11-21 11:44 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268673
|
6.1 |
MEDIUM
Network
|
automattic
|
jetpack
|
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10705
|
2024-11-21 11:44 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268674
|
6.1 |
MEDIUM
Network
|
magento
|
magento
|
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10704
|
2024-11-21 11:44 |
2017-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268675
|
7.5 |
HIGH
Network
|
ecstatic_project
|
ecstatic
|
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by pa…
|
CWE-20
Improper Input Validation
|
CVE-2016-10703
|
2024-11-21 11:44 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268676
|
6.1 |
MEDIUM
Local
|
pebble
|
pebble_firmware
|
Pebble Smartwatch devices through 4.3 mishandle UUID storage, which allows attackers to read an arbitrary application's flash storage, and access an arbitrary application's JavaScript instance, by mo…
|
CWE-200
Information Exposure
|
CVE-2016-10702
|
2024-11-21 11:44 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268677
|
8.8 |
HIGH
Network
|
hitachivantara
|
pentaho_business_analytics
|
In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application.
|
CWE-352
Origin Validation Error
|
CVE-2016-10701
|
2024-11-21 11:44 |
2017-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268678
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10700
|
2024-11-21 11:44 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268679
|
6.1 |
MEDIUM
Network
|
dlink
|
dsl-2740e_firmware
|
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in the…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10699
|
2024-11-21 11:44 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268680
|
7.4 |
HIGH
Network
|
redislabs
|
redis
|
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack …
|
CWE-254
7PK - Security Features
|
CVE-2016-10517
|
2024-11-21 11:44 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
