|
268771
|
7.5 |
HIGH
Network
|
iodata
|
wfs-sr01_firmware
|
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-7807
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268772
|
9.8 |
CRITICAL
Network
|
iodata
|
wfs-sr01_firmware
|
I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2016-7806
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268773
|
5.9 |
MEDIUM
Network
|
unisys
|
mobigate
|
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-7805
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268774
|
8.8 |
HIGH
Network
|
cybozu
|
garoon
|
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
|
CWE-89
SQL Injection
|
CVE-2016-7803
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268775
|
6.5 |
MEDIUM
Network
|
cybozu
|
garoon
|
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2016-7802
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268776
|
4.3 |
MEDIUM
Network
|
cybozu
|
garoon
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2016-7801
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268777
|
5.4 |
MEDIUM
Network
|
f5
|
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_access_policy_manager
big-ip_application_security_manager<…
|
A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM,…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7469
|
2024-11-21 11:58 |
2017-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268778
|
9.8 |
CRITICAL
Network
|
artifex
|
ghostscript
|
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2016-7979
|
2024-11-21 11:58 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268779
|
9.8 |
CRITICAL
Network
|
artifex
|
ghostscript
|
Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.
|
CWE-416
Use After Free
|
CVE-2016-7978
|
2024-11-21 11:58 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268780
|
5.5 |
MEDIUM
Local
|
artifex
|
ghostscript
|
Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript d…
|
CWE-200
Information Exposure
|
CVE-2016-7977
|
2024-11-21 11:58 |
2017-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
