|
269441
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10513
|
2024-11-21 11:44 |
2017-10-11 |
|
269442
|
9.8 |
CRITICAL
Network
|
multitech
|
faxfinder
|
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP con…
|
CWE-255
Credentials Management
|
CVE-2016-10512
|
2024-11-21 11:44 |
2017-09-30 |
|
269443
|
5.9 |
MEDIUM
Network
|
twitter
|
twitter
|
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the abili…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-10511
|
2024-11-21 11:44 |
2017-09-19 |
|
269444
|
6.1 |
MEDIUM
Network
|
kohanaframework debian
|
kohana debian_linux
|
Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection m…
|
CWE-79
Cross-site Scripting
|
CVE-2016-10510
|
2024-11-21 11:44 |
2017-09-1 |
|
269445
|
7.2 |
HIGH
Network
|
opencart
|
opencart
|
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute…
|
CWE-89
SQL Injection
|
CVE-2016-10509
|
2024-11-21 11:44 |
2017-09-1 |
|
269446
|
6.1 |
MEDIUM
Network
|
phpthumb_project
|
phpthumb
|
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
|
CWE-79
Cross-site Scripting
|
CVE-2016-10508
|
2024-11-21 11:44 |
2017-09-1 |
|
269447
|
6.5 |
MEDIUM
Network
|
uclouvain
|
openjpeg
|
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-10507
|
2024-11-21 11:44 |
2017-08-30 |
|
269448
|
6.5 |
MEDIUM
Network
|
uclouvain
|
openjpeg
|
Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (applic…
|
CWE-369
Divide By Zero
|
CVE-2016-10506
|
2024-11-21 11:44 |
2017-08-30 |
|
269449
|
6.5 |
MEDIUM
Network
|
uclouvain
|
openjpeg
|
NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-10505
|
2024-11-21 11:44 |
2017-08-30 |
|
269450
|
6.5 |
MEDIUM
Network
|
uclouvain
|
openjpeg
|
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp f…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10504
|
2024-11-21 11:44 |
2017-08-30 |