Skip to main content
CVE-2016-1610 HIGH POC THREAT Act Now

Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.8%.

Path Traversal Filr
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
20.8%
CVE-2016-1608 HIGH POC THREAT Act Now

vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Authentication Bypass Filr
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.6%
CVE-2016-1611 HIGH POC This Week

Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Filr
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-1607 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Filr
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
1.0%
CVE-2016-5138 HIGH This Week

Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-2180 HIGH PATCH This Week

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

OpenSSL Denial Of Service Information Disclosure Buffer Overflow Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
4.6%
CVE-2016-4834 HIGH PATCH This Week

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Vtiger Crm
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2016-5672 HIGH This Week

Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Crosswalk
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2016-1461 HIGH This Week

Cisco AsyncOS on Email Security Appliance (ESA) devices through 9.7.0-125 allows remote attackers to bypass malware detection via a crafted attachment in an e-mail message, aka Bug ID CSCuz14932. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Asyncos
NVD
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy