| 266441 | 4.9 | MEDIUM Network | plone | plone | Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile ac… | CWE-22 Path Traversal | CVE-2016-7135 | 2024-11-21 11:57 | 2017-03-8 |
| 266442 | 9.8 | CRITICAL Network | nefarious2_project | nefarious2 | The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE paramet… | CWE-287 Improper Authentication | CVE-2016-7145 | 2024-11-21 11:57 | 2017-03-8 |
| 266443 | 5.5 | MEDIUM Local | dropbear_ssh_project | dropbear_ssh | The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident. | CWE-200 Information Exposure | CVE-2016-7409 | 2024-11-21 11:57 | 2017-03-4 |
| 266444 | 8.8 | HIGH Network | dropbear_ssh_project | dropbear_ssh | The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument. | CWE-284 Improper Access Control | CVE-2016-7408 | 2024-11-21 11:57 | 2017-03-4 |
| 266445 | 9.8 | CRITICAL Network | dropbear_ssh_project | dropbear_ssh | The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file. | CWE-20 Improper Input Validation | CVE-2016-7407 | 2024-11-21 11:57 | 2017-03-4 |
| 266446 | 9.8 | CRITICAL Network | dropbear_ssh_project | dropbear_ssh | Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument. | CWE-20 Improper Input Validation | CVE-2016-7406 | 2024-11-21 11:57 | 2017-03-4 |
| 266447 | 6.5 | MEDIUM Network | matrixssl | matrixssl | TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message. | CWE-125 Out-of-bounds Read | CVE-2016-6884 | 2024-11-21 11:57 | 2017-03-4 |
| 266448 | 5.9 | MEDIUM Network | matrixssl | matrixssl | MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. | CWE-200 Information Exposure | CVE-2016-6883 | 2024-11-21 11:57 | 2017-03-4 |
| 266449 | 5.9 | MEDIUM Network | matrixssl | matrixssl | MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack. | CWE-200 CWE-320 Information Exposure Key Management Errors | CVE-2016-6882 | 2024-11-21 11:57 | 2017-03-4 |
| 266450 | 4.7 | MEDIUM Network | mantisbt | mantisbt | MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via u… | CWE-79 Cross-site Scripting | CVE-2016-7111 | 2024-11-21 11:57 | 2017-02-18 |