|
267551
|
7.5 |
HIGH
Network
|
jwt_project
|
jwt
|
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attac…
|
CWE-361
7PK - Time and State
|
CVE-2016-7037
|
2024-11-21 11:57 |
2017-01-24 |
|
267552
|
9.8 |
CRITICAL
Network
|
python-jose_project
|
python-jose
|
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
|
CWE-361
7PK - Time and State
|
CVE-2016-7036
|
2024-11-21 11:57 |
2017-01-24 |
|
267553
|
7.5 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-6920
|
2024-11-21 11:57 |
2017-01-24 |
|
267554
|
7.3 |
HIGH
Network
|
moodle
|
moodle
|
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2016-7038
|
2024-11-21 11:57 |
2017-01-20 |
|
267555
|
6.1 |
MEDIUM
Network
|
opera
|
opera_browser
|
Characters from languages such as Arabic and Hebrew are displayed in RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several Unicode characters such as U+FE7…
|
CWE-601
Open Redirect
|
CVE-2016-6908
|
2024-11-21 11:57 |
2017-01-27 |
|
267556
|
6.5 |
MEDIUM
Network
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio…
|
CWE-352
Origin Validation Error
|
CVE-2016-6897
|
2024-11-21 11:57 |
2017-01-19 |
|
267557
|
7.1 |
HIGH
Network
|
wordpress
|
wordpress
|
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read…
|
CWE-22
Path Traversal
|
CVE-2016-6896
|
2024-11-21 11:57 |
2017-01-19 |
|
267558
|
5.4 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7150
|
2024-11-21 11:57 |
2017-01-19 |
|
267559
|
6.1 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
|
CWE-79
Cross-site Scripting
|
CVE-2016-7149
|
2024-11-21 11:57 |
2017-01-19 |
|
267560
|
8.1 |
HIGH
Network
|
unrealircd
|
unrealircd
|
The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user vi…
|
CWE-287
Improper Authentication
|
CVE-2016-7144
|
2024-11-21 11:57 |
2017-01-19 |
|