|
272181
|
9.8 |
CRITICAL
Network
|
projectsend
|
projectsend
|
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.
|
CWE-285
Improper Authorization
|
CVE-2016-10734
|
2024-11-21 11:44 |
2018-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272182
|
9.8 |
CRITICAL
Network
|
projectsend
|
projectsend
|
ProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.
|
CWE-22
Path Traversal
|
CVE-2016-10733
|
2024-11-21 11:44 |
2018-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272183
|
9.8 |
CRITICAL
Network
|
projectsend
|
projectsend
|
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to user…
|
CWE-287
Improper Authentication
|
CVE-2016-10732
|
2024-11-21 11:44 |
2018-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272184
|
9.8 |
CRITICAL
Network
|
projectsend
|
projectsend
|
ProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter…
|
CWE-89
SQL Injection
|
CVE-2016-10731
|
2024-11-21 11:44 |
2018-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272185
|
7.8 |
HIGH
Local
|
zmanda
redhat
|
amanda
enterprise_linux
|
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users direct…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-10730
|
2024-11-21 11:44 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272186
|
7.8 |
HIGH
Local
|
zmanda
redhat
debian
|
amanda
enterprise_linux
debian_linux
|
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied…
|
CWE-77
Command Injection
|
CVE-2016-10729
|
2024-11-21 11:44 |
2018-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272187
|
5.3 |
MEDIUM
Network
|
suricata-ids
|
suricata
|
An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the to_client direction, it confuses the rule grouping lookup logic. The tocli…
|
CWE-20
Improper Input Validation
|
CVE-2016-10728
|
2024-11-21 11:44 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272188
|
9.8 |
CRITICAL
Network
|
canonical
gnome
|
ubuntu_linux
evolution
|
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS …
|
CWE-200
Information Exposure
|
CVE-2016-10727
|
2024-11-21 11:44 |
2018-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272189
|
7.5 |
HIGH
Network
|
duraspace
|
dspace
|
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a path…
|
CWE-22
Path Traversal
|
CVE-2016-10726
|
2024-11-21 11:44 |
2018-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272190
|
7.5 |
HIGH
Network
|
bitcoin
|
bitcoin_core
bitcoin-qt
bitcoind
|
In Bitcoin Core before v0.13.0, a non-final alert is able to block the special "final alert" (which is supposed to override all other alerts) because operations occur in the wrong order. This behavio…
|
CWE-310
Cryptographic Issues
|
CVE-2016-10725
|
2024-11-21 11:44 |
2018-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
