| 268961 | 7.8 | HIGH Local | imagemagick opensuse | imagemagick leap | The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | CWE-284 Improper Access Control | CVE-2016-10065 | 2024-11-21 11:43 | 2017-03-4 |
| 268962 | 6.5 | MEDIUM Network | imagemagick | imagemagick | The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) … | CWE-252 Unchecked Return Value | CVE-2016-10061 | 2024-11-21 11:43 | 2017-03-4 |
| 268963 | 8.8 | HIGH Network | zoneminder | zoneminder | Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspe… | CWE-352 Origin Validation Error | CVE-2016-10206 | 2024-11-21 11:43 | 2017-03-4 |
| 268964 | 7.3 | HIGH Network | zoneminder | zoneminder | Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie. | CWE-384 Session Fixation | CVE-2016-10205 | 2024-11-21 11:43 | 2017-03-4 |
| 268965 | 9.8 | CRITICAL Network | zoneminder | zoneminder | SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php. | CWE-89 SQL Injection | CVE-2016-10204 | 2024-11-21 11:43 | 2017-03-4 |
| 268966 | 6.1 | MEDIUM Network | zoneminder | zoneminder | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | CWE-79 Cross-site Scripting | CVE-2016-10203 | 2024-11-21 11:43 | 2017-03-4 |
| 268967 | 6.1 | MEDIUM Network | zoneminder | zoneminder | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. | CWE-79 Cross-site Scripting | CVE-2016-10202 | 2024-11-21 11:43 | 2017-03-4 |
| 268968 | 6.1 | MEDIUM Network | zoneminder | zoneminder | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. | CWE-79 Cross-site Scripting | CVE-2016-10201 | 2024-11-21 11:43 | 2017-03-4 |
| 268969 | 9.8 | CRITICAL Network | festivaltts4r_project | festivaltts4r | The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. | CWE-77 Command Injection | CVE-2016-10194 | 2024-11-21 11:43 | 2017-03-4 |
| 268970 | 9.8 | CRITICAL Network | espeak-ruby_project | espeak-ruby | The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech… | CWE-284 Improper Access Control | CVE-2016-10193 | 2024-11-21 11:43 | 2017-03-4 |