Skip to main content
CVE-2016-7981 MEDIUM POC PATCH THREAT This Month

Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.5%.

XSS PHP Spip
NVD VulDB
CVSS 3.0
6.1
EPSS
43.5%
Threat
4.0
CVE-2016-6896 HIGH POC THREAT Act Now

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 35.2%.

Denial Of Service Path Traversal WordPress PHP
NVD Exploit-DB VulDB
CVSS 3.0
7.1
EPSS
35.2%
Threat
4.0
CVE-2016-7982 HIGH POC PATCH THREAT Act Now

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.7%.

Path Traversal PHP Spip
NVD Exploit-DB VulDB
CVSS 3.0
7.5
EPSS
32.7%
Threat
4.0
CVE-2016-7998 HIGH POC PATCH THREAT Act Now

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.2%.

RCE PHP Spip
NVD Exploit-DB VulDB
CVSS 3.0
8.8
EPSS
23.2%
Threat
4.0
CVE-2016-6897 MEDIUM POC THREAT This Month

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.3%.

WordPress CSRF PHP
NVD GitHub Exploit-DB VulDB
CVSS 3.0
6.5
EPSS
30.3%
CVE-2016-2233 HIGH POC THREAT Act Now

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.4%.

Buffer Overflow Denial Of Service Hexchat
NVD Exploit-DB VulDB
CVSS 3.0
7.5
EPSS
14.4%
CVE-2016-2087 HIGH POC THREAT Act Now

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 13.0%.

Path Traversal Hexchat
NVD Exploit-DB VulDB
CVSS 3.0
7.4
EPSS
13.0%
CVE-2016-7980 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Spip
NVD Exploit-DB VulDB
CVSS 3.0
8.8
EPSS
0.6%
CVE-2016-3411 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

XSS Zimbra Collaboration Suite
NVD Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
10.4%
CVE-2016-9109 HIGH POC This Week

Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mujs
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-7563 HIGH POC This Week

The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mujs
NVD VulDB
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-7564 HIGH POC This Week

Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Mujs
NVD VulDB
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-9676 CRITICAL Act Now

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Citrix Provisioning Services
NVD VulDB
CVSS 3.0
9.8
EPSS
6.2%
CVE-2016-6283 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Confluence
NVD Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
3.0%
CVE-2016-9678 CRITICAL Act Now

Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Citrix Use After Free RCE Provisioning Services
NVD VulDB
CVSS 3.0
9.8
EPSS
4.4%
CVE-2016-9679 CRITICAL Act Now

Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Citrix Provisioning Services
NVD VulDB
CVSS 3.0
9.8
EPSS
3.8%
CVE-2016-7996 CRITICAL PATCH Act Now

Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Graphicsmagick
NVD VulDB
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-3415 CRITICAL Act Now

Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
9.1
EPSS
0.5%
CVE-2016-9584 CRITICAL Act Now

libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Use After Free Libical
NVD VulDB
CVSS 3.0
9.1
EPSS
0.4%
CVE-2016-6271 HIGH PATCH This Week

The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bzrtp
NVD GitHub VulDB
CVSS 3.0
7.5
EPSS
7.4%
CVE-2016-3406 HIGH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-7144 HIGH PATCH This Week

The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Unrealircd
NVD GitHub VulDB
CVSS 3.0
8.1
EPSS
2.4%
CVE-2016-10086 HIGH PATCH This Week

RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Service Desk Management Service Desk Manager
NVD VulDB
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-6497 HIGH PATCH This Week

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache Information Disclosure Groovy Ldap
NVD VulDB
CVSS 3.1
7.5
EPSS
3.0%
CVE-2016-6527 HIGH This Week

The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Privilege Escalation Samsung Mobile
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6526 HIGH This Week

The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Privilege Escalation Samsung Mobile
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-9680 HIGH This Week

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Provisioning Services
NVD VulDB
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-7997 HIGH PATCH This Week

The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Graphicsmagick
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-9279 HIGH This Week

Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Samsung Information Disclosure Memory Corruption +1
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-6823 HIGH PATCH This Week

Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Imagemagick
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2016-9297 HIGH PATCH This Week

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Libtiff
NVD VulDB
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4019 HIGH This Week

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3413 HIGH This Week

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3405 HIGH This Week

Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3404 HIGH This Week

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-3402 HIGH This Week

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-7999 HIGH PATCH This Week

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF PHP Spip
NVD VulDB
CVSS 3.0
7.4
EPSS
0.7%
CVE-2014-9910 HIGH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Broadcom Google Privilege Escalation RCE Android
NVD VulDB
CVSS 3.0
7.0
EPSS
0.0%
CVE-2014-9909 HIGH This Week

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Broadcom Google Privilege Escalation RCE Android
NVD VulDB
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-7799 MEDIUM PATCH This Month

MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Debian Linux
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2016-3414 MEDIUM PATCH This Month

Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-7101 MEDIUM PATCH This Month

The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-3401 MEDIUM This Month

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-7149 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS B2Evolution
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-3999 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3410 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3409 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3407 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3412 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3408 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy