|
270641
|
9.8 |
CRITICAL
Network
|
vmware
|
photon_os
|
VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-5333
|
2024-11-21 11:54 |
2016-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270642
|
5.3 |
MEDIUM
Network
|
vmware
|
vrealize_log_insight
|
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2016-5332
|
2024-11-21 11:54 |
2016-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270643
|
9.8 |
CRITICAL
Network
|
google
linux
|
android
linux_kernel
|
Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-5344
|
2024-11-21 11:54 |
2016-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270644
|
7.8 |
HIGH
Local
|
google
linux
|
android
linux_kernel
|
Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center …
|
CWE-787
Out-of-bounds Write
|
CVE-2016-5342
|
2024-11-21 11:54 |
2016-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270645
|
6.1 |
MEDIUM
Network
|
zimbra
|
zimbra_collaboration_server
|
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2016-5721
|
2024-11-21 11:54 |
2016-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270646
|
7.8 |
HIGH
Local
|
readydesk
|
readydesk
|
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.
|
NVD-CWE-Other
|
CVE-2016-5683
|
2024-11-21 11:54 |
2016-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270647
|
4.3 |
MEDIUM
Network
|
accellion
|
kiteworks_appliance
|
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
|
CWE-22
Path Traversal
|
CVE-2016-5664
|
2024-11-21 11:54 |
2016-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270648
|
6.1 |
MEDIUM
Network
|
accellion
|
kiteworks_appliance
|
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (…
|
CWE-79
Cross-site Scripting
|
CVE-2016-5663
|
2024-11-21 11:54 |
2016-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270649
|
7.8 |
HIGH
Local
|
accellion
|
kiteworks_appliance
|
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2016-5662
|
2024-11-21 11:54 |
2016-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270650
|
8.8 |
HIGH
Network
|
redhat
|
cloudforms
|
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
|
CWE-284
Improper Access Control
|
CVE-2016-5383
|
2024-11-21 11:54 |
2016-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
