|
265681
|
8.6 |
HIGH
Network
|
ibm
|
websphere_cast_iron_solution
|
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vul…
|
CWE-20
Improper Input Validation
|
CVE-2016-9692
|
2024-11-21 12:01 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265682
|
8.6 |
HIGH
Network
|
ibm
|
websphere_cast_iron_solution
|
IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could explo…
|
CWE-611
XXE
|
CVE-2016-9691
|
2024-11-21 12:01 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265683
|
8.1 |
HIGH
Network
|
ibm
|
rational_rhapsody_design_manager
rational_quality_manager
rational_engineering_lifecycle_manager
rational_software_architect_design_manager
rational_collaborative_lifecycle_management
…
|
IBM Jazz Foundation is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose…
|
CWE-611
XXE
|
CVE-2016-9707
|
2024-11-21 12:01 |
2017-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265684
|
4.7 |
MEDIUM
Network
|
brave
|
browser
|
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9473
|
2024-11-21 12:01 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265685
|
5.4 |
MEDIUM
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other param…
|
CWE-79
Cross-site Scripting
|
CVE-2016-9472
|
2024-11-21 12:01 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265686
|
9.0 |
CRITICAL
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables …
|
CWE-254
7PK - Security Features
|
CVE-2016-9470
|
2024-11-21 12:01 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265687
|
5.3 |
MEDIUM
Network
|
owncloud
nextcloud
|
owncloud
nextcloud_server
|
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partiall…
|
CWE-284
Improper Access Control
|
CVE-2016-9468
|
2024-11-21 12:01 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265688
|
3.1 |
LOW
Network
|
revive-adserver
|
revive_adserver
|
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters w…
|
NVD-CWE-Other
|
CVE-2016-9471
|
2024-11-21 12:01 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265689
|
8.2 |
HIGH
Network
|
gitlab
|
gitlab
|
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9469
|
2024-11-21 12:01 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265690
|
5.3 |
MEDIUM
Network
|
owncloud
nextcloud
|
owncloud
nextcloud_server
|
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parame…
|
CWE-284
Improper Access Control
|
CVE-2016-9467
|
2024-11-21 12:01 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
