Skip to main content
CVE-2016-1593 HIGH POC THREAT Act Now

Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.1%.

Path Traversal Service Desk
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
85.1%
Threat
5.5
CVE-2016-2203 HIGH POC THREAT Act Now

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 29.6%.

Authentication Bypass Messaging Gateway
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
29.6%
CVE-2016-1594 MEDIUM POC This Month

Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Service Desk
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
4.7%
CVE-2016-1595 MEDIUM POC This Month

LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Service Desk
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
3.5%
CVE-2016-1596 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Service Desk
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-8823 HIGH PATCH This Week

Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +5
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2016-2354 HIGH This Week

The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver before 2016-04-07 supports unrestricted pairing without a PIN, which allows remote attackers to send arbitrary CAN commands by. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bluedriver
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-2204 HIGH This Week

The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Messaging Gateway
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2016-4063 HIGH This Week

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2016-4059 HIGH This Week

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2016-4064 HIGH This Week

Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Authentication Bypass Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2016-4065 HIGH This Week

The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Microsoft Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-2306 HIGH This Week

The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integraxor
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-2299 HIGH This Week

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Integraxor
NVD
CVSS 3.0
7.3
EPSS
1.3%
CVE-2016-4061 HIGH This Week

Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote attackers to cause a denial of service (application crash) via a crafted content stream. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Foxit Reader Phantompdf
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-4060 HIGH This Week

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Foxit Reader Phantompdf
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-2300 MEDIUM This Month

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Integraxor
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-2301 MEDIUM This Month

SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Integraxor
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2016-1036 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Analytics Appmeasurement For Flash Library
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-2305 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Integraxor
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3126 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1918 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-1917 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Server
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4062 MEDIUM This Month

Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report format errors recursively, which allows remote attackers to cause a denial of service (application hang) via a crafted PDF. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Foxit Reader Phantompdf
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-1916 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-2303 MEDIUM This Month

CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Integraxor
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-2302 MEDIUM This Month

Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive information by reading detailed error messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integraxor
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-3145 MEDIUM This Month

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Printer Firmware
NVD
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-2304 MEDIUM This Month

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integraxor
NVD
CVSS 3.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy