Skip to main content
CVE-2016-8740 HIGH POC PATCH THREAT Act Now

The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, when the Protocols configuration includes h2 or h2c, does not restrict request-header length, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 68.3%.

Denial Of Service Apache Http Server Apache HTTP Server
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
68.3%
Threat
5.0
CVE-2016-9836 CRITICAL POC Act Now

The file scanning mechanism of JFilterInput::isFileSafe() in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Joomla
NVD GitHub
CVSS 3.0
9.8
EPSS
0.4%
CVE-2016-9835 CRITICAL PATCH Act Now

Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Path Traversal Command Injection PHP Microsoft Zikula Application Framework
NVD GitHub
CVSS 3.0
9.8
EPSS
3.9%
CVE-2016-9157 CRITICAL Act Now

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Siemens Sicam Pas Pqs
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2016-9156 HIGH This Week

A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Sicam Pas Pqs
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2016-9152 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Spip
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-7171 MEDIUM PATCH This Month

NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Netapp Plug In
NVD
CVSS 3.0
5.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy