|
266291
|
7.5 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream.
|
CWE-20
Improper Input Validation
|
CVE-2016-4061
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266292
|
7.5 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-4060
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266293
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.
|
NVD-CWE-Other
|
CVE-2016-4059
|
2024-11-21 11:51 |
2016-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266294
|
5.5 |
MEDIUM
Local
|
opensuse
giflib_project
|
opensuse
giflib
|
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-3977
|
2024-11-21 11:51 |
2016-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266295
|
7.2 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
|
CWE-89
SQL Injection
|
CVE-2016-4040
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266296
|
8.8 |
HIGH
Local
|
xen
fedoraproject
oracle
|
xen
fedora
vm_server
|
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
|
CWE-264
NVD-CWE-Other
Permissions, Privileges, and Access Controls
|
CVE-2016-3960
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266297
|
2.7 |
LOW
Network
|
dotcms
|
dotcms
|
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
|
CWE-22
Path Traversal
|
CVE-2016-3972
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266298
|
4.8 |
MEDIUM
Network
|
dotcms
|
dotcms
|
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
|
CWE-79
Cross-site Scripting
|
CVE-2016-3971
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266299
|
5.5 |
MEDIUM
Local
|
opensuse
|
leap
opensuse
|
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4036
|
2024-11-21 11:51 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266300
|
6.5 |
MEDIUM
Network
|
huawei
|
ar3200_firmware
|
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
|
CWE-20
Improper Input Validation
|
CVE-2016-3950
|
2024-11-21 11:51 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
