|
272011
|
7.5 |
HIGH
Network
|
nec
|
expresscluster_x
|
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via u…
|
CWE-22
Path Traversal
|
CVE-2016-1145
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272012
|
5.4 |
MEDIUM
Network
|
websquare
|
job-cube
|
Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1144
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272013
|
6.1 |
MEDIUM
Network
|
vine_mv_project
|
vine_mv
|
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-1143
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272014
|
4.7 |
MEDIUM
Network
|
kddi
|
home_spot_cube_firmware
|
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2016-1141
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272015
|
6.1 |
MEDIUM
Network
|
kddi
|
home_spot_cube_firmware
|
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.
|
CWE-254
7PK - Security Features
|
CVE-2016-1140
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272016
|
7.5 |
HIGH
Network
|
kddi
|
home_spot_cube_firmware
|
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-1139
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272017
|
4.7 |
MEDIUM
Network
|
kddi
|
home_spot_cube_firmware
|
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2016-1138
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272018
|
7.4 |
HIGH
Network
|
kddi
|
home_spot_cube_firmware
|
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2016-1137
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272019
|
5.4 |
MEDIUM
Network
|
kddi
|
home_spot_cube_firmware
|
Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-1136
|
2024-11-21 11:45 |
2016-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272020
|
6.1 |
MEDIUM
Network
|
buffalotech
|
wmr-300_firmware
wex-300_firmware
wmr-433_firmware
bhr-4grv2_firmware
whr-300hp2_firmware
whr-1166dhp_firmware
whr-600d_firmware
wsr-1166dhp_firmware
|
Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlie…
|
CWE-79
Cross-site Scripting
|
CVE-2016-1135
|
2024-11-21 11:45 |
2016-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
