|
268511
|
4.7 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via u…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7111
|
2024-11-21 11:57 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268512
|
5.5 |
MEDIUM
Local
|
libav
|
libav
|
Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7393
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268513
|
5.5 |
MEDIUM
Local
|
autotrace_project
|
autotrace
|
Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted…
|
CWE-787
Out-of-bounds Write
|
CVE-2016-7392
|
2024-11-21 11:57 |
2017-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268514
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action,…
|
CWE-89
SQL Injection
|
CVE-2016-7400
|
2024-11-21 11:57 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268515
|
7.5 |
HIGH
Network
|
libtorrent
|
libtorrent
|
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.
|
CWE-20
Improper Input Validation
|
CVE-2016-7164
|
2024-11-21 11:57 |
2017-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268516
|
6.1 |
MEDIUM
Network
|
plone
|
plone
|
Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2016-7147
|
2024-11-21 11:57 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268517
|
9.8 |
CRITICAL
Network
|
libgd
|
libgd
|
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
|
CWE-415
Double Free
|
CVE-2016-6912
|
2024-11-21 11:57 |
2017-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268518
|
5.5 |
MEDIUM
Local
|
libgd
|
libgd
|
The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-6911
|
2024-11-21 11:57 |
2017-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268519
|
5.5 |
MEDIUM
Local
|
libdwarf_project
|
libdwarf
|
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2016-7410
|
2024-11-21 11:57 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268520
|
8.4 |
HIGH
Local
|
owncloud
|
owncloud_desktop_client
|
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
|
CWE-94
Code Injection
|
CVE-2016-7102
|
2024-11-21 11:57 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
