|
268281
|
9.8 |
CRITICAL
Network
|
foscam
|
c1_webcam_firmware
|
Hard-coded FTP credentials (r:r) are included in the Foscam C1 running firmware 1.9.1.12. Knowledge of these credentials would allow remote access to any cameras found on the internet that do not hav…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-8731
|
2024-11-21 11:59 |
2017-06-22 |
|
268282
|
4.8 |
MEDIUM
Network
|
apache
|
ranger
|
Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal us…
|
CWE-79
Cross-site Scripting
|
CVE-2016-8751
|
2024-11-21 11:59 |
2017-06-15 |
|
268283
|
5.9 |
MEDIUM
Network
|
apache
|
ranger
|
The Apache Ranger policy engine before 0.6.3 incorrectly matches paths in certain conditions when a policy does not contain wildcards and has the recursion flag set to true.
|
CWE-426
Untrusted Search Path
|
CVE-2016-8746
|
2024-11-21 11:59 |
2017-06-15 |
|
268284
|
6.5 |
MEDIUM
Network
|
cloudfoundry
|
capi-release cf-release
|
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability t…
|
CWE-269
Improper Privilege Management
|
CVE-2016-8219
|
2024-11-21 11:59 |
2017-06-13 |
|
268285
|
9.8 |
CRITICAL
Network
|
cloudfoundry
|
cf-release routing-release
|
An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. Incomplete validation logic in JSON Web Token (JWT) libraries can all…
|
CWE-20
Improper Input Validation
|
CVE-2016-8218
|
2024-11-21 11:59 |
2017-06-13 |
|
268286
|
7.5 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificat…
|
CWE-295
Improper Certificate Validation
|
CVE-2016-8231
|
2024-11-21 11:59 |
2017-06-05 |
|
268287
|
7.5 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers.
|
CWE-200
Information Exposure
|
CVE-2016-8230
|
2024-11-21 11:59 |
2017-06-05 |
|
268288
|
8.8 |
HIGH
Network
|
lenovo
|
lenovo_service_bridge
|
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.
|
CWE-352
Origin Validation Error
|
CVE-2016-8229
|
2024-11-21 11:59 |
2017-06-05 |
|
268289
|
7.8 |
HIGH
Local
|
lenovo
|
lenovo_service_bridge
|
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-8228
|
2024-11-21 11:59 |
2017-06-05 |
|
268290
|
7.5 |
HIGH
Network
|
apache
|
qpid_broker-j
|
The Apache Qpid Broker for Java can be configured to use different so-called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 Authenticat…
|
CWE-200
Information Exposure
|
CVE-2016-8741
|
2024-11-21 11:59 |
2017-05-15 |