|
266851
|
9.8 |
CRITICAL
Network
|
bmc
|
track-it!
|
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an a…
|
CWE-284
Improper Access Control
|
CVE-2016-6598
|
2024-11-21 11:56 |
2018-01-31 |
|
266852
|
9.8 |
CRITICAL
Network
|
apache redhat
|
groovy enterprise_linux_server
|
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate betwee…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-6814
|
2024-11-21 11:56 |
2018-01-19 |
|
266853
|
6.1 |
MEDIUM
Network
|
apache
|
activemq
|
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is imprope…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6810
|
2024-11-21 11:56 |
2018-01-11 |
|
266854
|
7.8 |
HIGH
Local
|
apache
|
openoffice
|
The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated pr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-6804
|
2024-11-21 11:56 |
2017-11-21 |
|
266855
|
7.8 |
HIGH
Local
|
apache
|
openoffice
|
An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan …
|
CWE-426
Untrusted Search Path
|
CVE-2016-6803
|
2024-11-21 11:56 |
2017-11-13 |
|
266856
|
6.5 |
MEDIUM
Network
|
apache
|
ranger
|
In Apache Ranger before 0.6.2, users with "keyadmin" role should not be allowed to change password for users with "admin" role.
|
CWE-255
Credentials Management
|
CVE-2016-6815
|
2024-11-21 11:56 |
2017-10-13 |
|
266857
|
8.8 |
HIGH
Network
|
apache
|
wicket
|
Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 provide a CSRF prevention measure that fails to discover some cross origin requests. The mitigation is to not only check the Origin HTT…
|
CWE-352
Origin Validation Error
|
CVE-2016-6806
|
2024-11-21 11:56 |
2017-10-3 |
|
266858
|
9.8 |
CRITICAL
Network
|
apache
|
struts
|
In the Convention plugin in Apache Struts 2.3.x before 2.3.31, and 2.5.x before 2.5.5, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on…
|
CWE-22
Path Traversal
|
CVE-2016-6795
|
2024-11-21 11:56 |
2017-09-21 |
|
266859
|
6.1 |
MEDIUM
Network
|
apache
|
ofbiz
|
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creatio…
|
CWE-79
Cross-site Scripting
|
CVE-2016-6800
|
2024-11-21 11:56 |
2017-08-31 |
|
266860
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of s…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-6817
|
2024-11-21 11:56 |
2017-08-11 |