|
268261
|
8.8 |
HIGH
Network
|
apache
|
brooklyn
|
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst a user is logg…
|
CWE-352
Origin Validation Error
|
CVE-2016-8737
|
2024-11-21 11:59 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268262
|
8.8 |
HIGH
Network
|
apache
|
brooklyn
|
Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2016-8744
|
2024-11-21 11:59 |
2017-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268263
|
7.5 |
HIGH
Network
|
apache
|
atlas
|
Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and 0.7.1 (incubating) allow access to the webapp directory contents by pointing to URIs like /js and /img.
|
CWE-284
Improper Access Control
|
CVE-2016-8752
|
2024-11-21 11:59 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268264
|
7.5 |
HIGH
Network
|
apache
|
tomcat
|
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted…
|
CWE-388
7PK - Errors
|
CVE-2016-8745
|
2024-11-21 11:59 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268265
|
7.5 |
HIGH
Network
|
apache
|
cxf
|
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by defa…
|
CWE-611
XXE
|
CVE-2016-8739
|
2024-11-21 11:59 |
2017-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268266
|
7.5 |
HIGH
Network
|
apache
netapp
debian
redhat
|
http_server
clustered_data_ontap
oncommand_unified_manager
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_tus<…
|
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors repres…
|
NVD-CWE-noinfo
|
CVE-2016-8743
|
2024-11-21 11:59 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268267
|
9.1 |
CRITICAL
Network
|
ipsilon_project
|
ipsilon
|
A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related …
|
CWE-384
Session Fixation
|
CVE-2016-8638
|
2024-11-21 11:59 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268268
|
8.8 |
HIGH
Network
|
fortinet
|
forticlient
|
In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8493
|
2024-11-21 11:59 |
2017-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268269
|
9.8 |
CRITICAL
Network
|
foscam
|
c1_webcam_firmware
|
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not hav…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-8731
|
2024-11-21 11:59 |
2017-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268270
|
4.8 |
MEDIUM
Network
|
apache
|
ranger
|
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal us…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8751
|
2024-11-21 11:59 |
2017-06-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
