|
272521
|
7.2 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
|
CWE-89
SQL Injection
|
CVE-2016-4040
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272522
|
8.8 |
HIGH
Local
|
xen
fedoraproject
oracle
|
xen
fedora
vm_server
|
Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
|
CWE-264
NVD-CWE-Other
Permissions, Privileges, and Access Controls
|
CVE-2016-3960
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272523
|
2.7 |
LOW
Network
|
dotcms
|
dotcms
|
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
|
CWE-22
Path Traversal
|
CVE-2016-3972
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272524
|
4.8 |
MEDIUM
Network
|
dotcms
|
dotcms
|
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
|
CWE-79
Cross-site Scripting
|
CVE-2016-3971
|
2024-11-21 11:51 |
2016-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272525
|
5.5 |
MEDIUM
Local
|
opensuse
|
leap
opensuse
|
The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4036
|
2024-11-21 11:51 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272526
|
6.5 |
MEDIUM
Network
|
huawei
|
ar3200_firmware
|
Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets.
|
CWE-20
Improper Input Validation
|
CVE-2016-3950
|
2024-11-21 11:51 |
2016-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272527
|
5.5 |
MEDIUM
Local
|
canonical
xen
|
ubuntu_linux
xen
|
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to…
|
CWE-20
Improper Input Validation
|
CVE-2016-3961
|
2024-11-21 11:51 |
2016-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272528
|
7.3 |
HIGH
Network
|
sap
|
hana
|
The Data Provisioning Agent (aka DP Agent) in SAP HANA does not properly restrict access to service functionality, which allows remote attackers to obtain sensitive information, gain privileges, and …
|
CWE-284
Improper Access Control
|
CVE-2016-4018
|
2024-11-21 11:51 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272529
|
7.5 |
HIGH
Network
|
sap
|
hana
|
The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote attackers to cause a denial of service (process crash) via unspecified vectors, aka SAP Security Note 2262710.
|
NVD-CWE-noinfo
|
CVE-2016-4017
|
2024-11-21 11:51 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272530
|
6.1 |
MEDIUM
Network
|
sap
|
java_as
|
Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title par…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4016
|
2024-11-21 11:51 |
2016-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
