|
274011
|
9.8 |
CRITICAL
Network
|
wp-olivecart
|
olivecart olivecartpro
|
SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via un…
|
CWE-89
SQL Injection
|
CVE-2016-4905
|
2024-11-21 11:53 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274012
|
8.8 |
HIGH
Network
|
wp-olivecart
|
olivecart olivecartpro
|
Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to p…
|
CWE-352
Origin Validation Error
|
CVE-2016-4904
|
2024-11-21 11:53 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274013
|
6.1 |
MEDIUM
Network
|
wp-olivecart
|
olivecart olivecartpro
|
Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified v…
|
CWE-79
Cross-site Scripting
|
CVE-2016-4903
|
2024-11-21 11:53 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274014
|
7.8 |
HIGH
Local
|
national_tax_agency
|
e-tax
|
Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2016-4901
|
2024-11-21 11:53 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274015
|
7.8 |
HIGH
Local
|
evernote
|
evernote
|
Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2016-4900
|
2024-11-21 11:53 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274016
|
4.3 |
MEDIUM
Adjacent
|
toshiba
|
flashair
|
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series…
|
CWE-287
Improper Authentication
|
CVE-2016-4863
|
2024-11-21 11:53 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274017
|
8.8 |
HIGH
Network
|
nttdocomo
|
l-04d_firmware
|
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unsp…
|
CWE-352
Origin Validation Error
|
CVE-2016-4854
|
2024-11-21 11:53 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274018
|
8.8 |
HIGH
Network
|
basercms
|
basercms
|
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-4887
|
2024-11-21 11:53 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274019
|
8.8 |
HIGH
Network
|
basercms
|
basercms
|
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-4886
|
2024-11-21 11:53 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274020
|
8.8 |
HIGH
Network
|
basercms
|
basercms
|
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2016-4885
|
2024-11-21 11:53 |
2017-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|