|
266261
|
6.1 |
MEDIUM
Network
|
opera
|
opera_browser
|
Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE7…
|
CWE-601
Open Redirect
|
CVE-2016-6908
|
2024-11-21 11:57 |
2017-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266262
|
6.5 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio…
|
CWE-352
Origin Validation Error
|
CVE-2016-6897
|
2024-11-21 11:57 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266263
|
7.1 |
HIGH
Network
|
wordpress
|
wordpress
|
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read…
|
CWE-22
Path Traversal
|
CVE-2016-6896
|
2024-11-21 11:57 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266264
|
5.4 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7150
|
2024-11-21 11:57 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266265
|
6.1 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7149
|
2024-11-21 11:57 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266266
|
8.1 |
HIGH
Network
|
unrealircd
|
unrealircd
|
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user vi…
|
CWE-287
Improper Authentication
|
CVE-2016-7144
|
2024-11-21 11:57 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266267
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7101
|
2024-11-21 11:57 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266268
|
5.3 |
MEDIUM
Network
|
ntp
|
ntp
|
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include t…
|
CWE-682
Incorrect Calculation
|
CVE-2016-7433
|
2024-11-21 11:57 |
2017-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266269
|
5.3 |
MEDIUM
Network
|
ntp
|
ntp
|
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.
|
CWE-20
Improper Input Validation
|
CVE-2016-7431
|
2024-11-21 11:57 |
2017-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266270
|
3.7 |
LOW
Network
|
ntp
|
ntp
|
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source)…
|
CWE-18
Source Code
|
CVE-2016-7429
|
2024-11-21 11:57 |
2017-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
