|
269071
|
4.8 |
MEDIUM
Network
|
woocommerce
|
woocommerce
|
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted ta…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10112
|
2024-11-21 11:43 |
2017-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269072
|
9.8 |
CRITICAL
Network
|
western_digital
|
mycloud_nas
|
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
|
CWE-77
Command Injection
|
CVE-2016-10108
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269073
|
9.8 |
CRITICAL
Network
|
western_digital
|
mycloud_nas
|
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
|
CWE-77
Command Injection
|
CVE-2016-10107
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269074
|
6.5 |
MEDIUM
Network
|
netgear
|
fvs336gv3_firmware
srx5308_firmware
fvs318gv2_firmware
fvs318n_firmware
|
Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read arbitra…
|
CWE-22
Path Traversal
|
CVE-2016-10106
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269075
|
9.8 |
CRITICAL
Network
|
piwigo
|
piwigo
|
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2016-10105
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269076
|
5.3 |
MEDIUM
Network
|
borg
|
borg
|
Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.
|
CWE-20
Improper Input Validation
|
CVE-2016-10100
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269077
|
5.3 |
MEDIUM
Network
|
borg_project
|
borg
|
Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.
|
CWE-310
Cryptographic Issues
|
CVE-2016-10099
|
2024-11-21 11:43 |
2017-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269078
|
7.5 |
HIGH
Network
|
forgerock
|
openam
|
XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter.
|
CWE-611
XXE
|
CVE-2016-10097
|
2024-11-21 11:43 |
2017-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269079
|
7.3 |
HIGH
Network
|
genixcms
|
genixcms
|
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
|
CWE-89
SQL Injection
|
CVE-2016-10096
|
2024-11-21 11:43 |
2017-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269080
|
9.8 |
CRITICAL
Network
|
swiftmailer
|
swiftmailer
|
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code v…
|
CWE-77
Command Injection
|
CVE-2016-10074
|
2024-11-21 11:43 |
2016-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
