|
268301
|
5.5 |
MEDIUM
Local
|
onionshare
|
onionshare
|
hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.
|
CWE-284
Improper Access Control
|
CVE-2016-5026
|
2024-11-21 11:53 |
2017-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268302
|
4.8 |
MEDIUM
Local
|
valvesoftware
|
steamos
|
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-5237
|
2024-11-21 11:53 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268303
|
7.5 |
HIGH
Network
|
keepass
|
keepass
|
The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.
|
CWE-20
Improper Input Validation
|
CVE-2016-5119
|
2024-11-21 11:53 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268304
|
8.1 |
HIGH
Network
|
typo3
|
typo3
|
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
|
CWE-254
7PK - Security Features
|
CVE-2016-5091
|
2024-11-21 11:53 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268305
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
|
CWE-200
Information Exposure
|
CVE-2016-5014
|
2024-11-21 11:53 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268306
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
|
CWE-74
Injection
|
CVE-2016-5013
|
2024-11-21 11:53 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268307
|
5.3 |
MEDIUM
Network
|
moodle
|
moodle
|
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
|
CWE-200
Information Exposure
|
CVE-2016-5012
|
2024-11-21 11:53 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268308
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5226
|
2024-11-21 11:53 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268309
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Poli…
|
CWE-19
Data Processing Errors
|
CVE-2016-5225
|
2024-11-21 11:53 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268310
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote atta…
|
CWE-189
Numeric Errors
|
CVE-2016-5224
|
2024-11-21 11:53 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
