Skip to main content
CVE-2016-7965 MEDIUM POC This Month

DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dokuwiki
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-7990 CRITICAL Act Now

On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Samsung Denial Of Service Android
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-8877 HIGH PATCH This Week

Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow RCE Microsoft Phantompdf +1
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-8878 HIGH PATCH This Week

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow RCE Microsoft Phantompdf +1
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-7964 HIGH PATCH This Week

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

PHP SSRF Dokuwiki
NVD GitHub
CVSS 3.0
8.6
EPSS
0.3%
CVE-2016-8856 HIGH PATCH This Week

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Privilege Escalation Reader
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-8203 HIGH This Week

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Netiron Os
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-8876 HIGH PATCH This Week

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Buffer Overflow RCE Microsoft Phantompdf +1
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-7989 HIGH This Week

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-7988 HIGH This Week

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-7991 HIGH This Week

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-8879 MEDIUM PATCH This Month

The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Memory Corruption Buffer Overflow Microsoft Phantompdf +1
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-8875 MEDIUM PATCH This Month

The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Information Disclosure Buffer Overflow Microsoft Phantompdf +1
NVD
CVSS 3.0
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy