|
266551
|
5.6 |
MEDIUM
Network
|
netapp
|
netapp_plug-in
|
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
|
CWE-295
Improper Certificate Validation
|
CVE-2016-7171
|
2024-11-21 11:57 |
2016-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266552
|
6.4 |
MEDIUM
Local
|
siemens
|
simatic_wincc
simatic_wincc_runtime
simatic_wincc_\(tia_portal\)
simit
simatic_pcs7
simatic_step_7_\(tia_portal\)
simatic_pcs_7
sinema_remote_connect
simatic_step_7
simatic…
|
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), S…
|
CWE-254
CWE-284
7PK - Security Features
Improper Access Control
|
CVE-2016-7165
|
2024-11-21 11:57 |
2016-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266553
|
6.1 |
MEDIUM
Network
|
moinmo
|
moinmoin
|
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7148
|
2024-11-21 11:57 |
2016-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266554
|
6.1 |
MEDIUM
Network
|
moinmo
|
moinmoin
|
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the ac…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7146
|
2024-11-21 11:57 |
2016-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266555
|
8.8 |
HIGH
Network
|
microsoft
|
sql_server
|
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS E…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7254
|
2024-11-21 11:57 |
2016-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266556
|
8.8 |
HIGH
Network
|
microsoft
|
sql_server
|
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecif…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7253
|
2024-11-21 11:57 |
2016-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266557
|
6.5 |
MEDIUM
Network
|
microsoft
|
sql_server
|
Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnera…
|
CWE-200
Information Exposure
|
CVE-2016-7252
|
2024-11-21 11:57 |
2016-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266558
|
6.1 |
MEDIUM
Network
|
microsoft
|
sql_server
|
Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vuln…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7251
|
2024-11-21 11:57 |
2016-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266559
|
8.8 |
HIGH
Network
|
microsoft
|
sql_server
|
Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7250
|
2024-11-21 11:57 |
2016-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266560
|
8.8 |
HIGH
Network
|
microsoft
|
sql_server
|
Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-7249
|
2024-11-21 11:57 |
2016-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
