Skip to main content
CVE-2016-3968 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sophos Cyberoam Cr100Ing Utm Firmware Cyberoam Cr35Ing Utm Firmware
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-2292 MEDIUM This Month

Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allows remote attackers to execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Proface Gp Pro Ex Ex Ed Proface Gp Pro Ex Pfxexedls +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2016-2291 MEDIUM This Month

Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 allow remote attackers to execute arbitrary code or cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Information Disclosure Buffer Overflow RCE Proface Gp Pro Ex Ex Ed +3
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2016-3118 MEDIUM This Month

CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Api Gateway
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2277 MEDIUM This Month

IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file. Rated medium severity (CVSS 6.3). No vendor patch available.

Rockwell RCE Authentication Bypass Integrated Architecture Builder
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2016-1173 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Casebook Plugin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1171 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Casebook Plugin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-1169 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Casebook Plugin
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3969 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Gateway
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1346 MEDIUM This Month

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Emc Powerscale Onefs Jr6150 Firmware X14J Firmware +2
NVD
CVSS 3.0
5.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy