|
265771
|
6.1 |
MEDIUM
Network
|
spip
|
spip
|
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
|
CWE-79
Cross-site Scripting
|
CVE-2016-9998
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265772
|
6.1 |
MEDIUM
Network
|
spip
|
spip
|
SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.
|
CWE-79
Cross-site Scripting
|
CVE-2016-9997
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265773
|
6.5 |
MEDIUM
Network
|
apport_project
|
apport
|
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click…
|
CWE-284
Improper Access Control
|
CVE-2016-9951
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265774
|
7.8 |
HIGH
Local
|
apport_project
canonical
|
apport
ubuntu_linux
|
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package sp…
|
CWE-22
Path Traversal
|
CVE-2016-9950
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265775
|
7.8 |
HIGH
Local
|
apport_project
canonical
|
apport
ubuntu_linux
|
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers t…
|
CWE-94
Code Injection
|
CVE-2016-9949
|
2024-11-21 12:02 |
2016-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265776
|
9.8 |
CRITICAL
Network
|
samsung
|
samsung_mobile
|
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re…
|
CWE-388
7PK - Errors
|
CVE-2016-9967
|
2024-11-21 12:02 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265777
|
9.8 |
CRITICAL
Network
|
samsung
|
samsung_mobile
|
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re…
|
CWE-388
7PK - Errors
|
CVE-2016-9966
|
2024-11-21 12:02 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265778
|
9.8 |
CRITICAL
Network
|
samsung
|
samsung_mobile
|
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily re…
|
CWE-388
7PK - Errors
|
CVE-2016-9965
|
2024-11-21 12:02 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265779
|
6.5 |
MEDIUM
Network
|
bottlepy
debian
|
bottle
debian_linux
|
redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequence, which leads to a CRLF attack, as demonstrated by a redirect("233\r\nSet-Cookie: name=salt") call.
|
CWE-93
CRLF Injection
|
CVE-2016-9964
|
2024-11-21 12:02 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265780
|
5.3 |
MEDIUM
Network
|
digium
|
asterisk
certified_asterisk
|
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_si…
|
CWE-285
Improper Authorization
|
CVE-2016-9938
|
2024-11-21 12:02 |
2016-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
