|
271831
|
8.2 |
HIGH
Network
|
apache
|
struts
|
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a…
|
CWE-20
Improper Input Validation
|
CVE-2016-1182
|
2024-11-21 11:45 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271832
|
8.1 |
HIGH
Network
|
oracle
apache
|
banking_platform
portal
struts
|
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of servic…
|
NVD-CWE-noinfo
|
CVE-2016-1181
|
2024-11-21 11:45 |
2016-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271833
|
8.8 |
HIGH
Network
|
ntt-west
ntt-east
|
pr-400mi_firmware
pr-400mi
rt-400mi_firmware
rv-440mi_firmware
|
Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware …
|
CWE-352
Origin Validation Error
|
CVE-2016-1228
|
2024-11-21 11:45 |
2016-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271834
|
7.2 |
HIGH
Network
|
ntt-east
ntt-west
|
rt-400mi_firmware
pr-400mi_firmware
rv-440mi_firmware
|
NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and ear…
|
NVD-CWE-noinfo
|
CVE-2016-1227
|
2024-11-21 11:45 |
2016-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271835
|
7.5 |
HIGH
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2016-1193
|
2024-11-21 11:45 |
2016-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271836
|
6.5 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-1190
|
2024-11-21 11:45 |
2016-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271837
|
8.1 |
HIGH
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1189
|
2024-11-21 11:45 |
2016-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271838
|
6.5 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-1188
|
2024-11-21 11:45 |
2016-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271839
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerabilit…
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2016-1196
|
2024-11-21 11:45 |
2016-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
271840
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2016-1192
|
2024-11-21 11:45 |
2016-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
