Skip to main content
CVE-2016-7981 MEDIUM POC PATCH THREAT This Month

Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 43.5%.

XSS PHP Spip
NVD VulDB
CVSS 3.0
6.1
EPSS
43.5%
Threat
4.0
CVE-2016-6897 MEDIUM POC THREAT This Month

Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.3%.

WordPress CSRF PHP
NVD GitHub Exploit-DB VulDB
CVSS 3.0
6.5
EPSS
30.3%
CVE-2016-3411 MEDIUM POC THREAT This Month

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.4%.

XSS Zimbra Collaboration Suite
NVD Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
10.4%
CVE-2016-6283 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Atlassian Confluence
NVD Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
3.0%
CVE-2016-7799 MEDIUM PATCH This Month

MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick Debian Linux
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2016-3414 MEDIUM PATCH This Month

Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.5
EPSS
0.7%
CVE-2016-7101 MEDIUM PATCH This Month

The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Imagemagick
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2016-3401 MEDIUM This Month

Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-7149 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS B2Evolution
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-3999 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3410 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3409 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3407 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-3412 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-3408 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zimbra Collaboration Suite
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-8684 MEDIUM This Month

Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Exponent Cms
NVD VulDB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2015-8667 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Exponent Cms
NVD VulDB
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9844 MEDIUM This Month

Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Unzip
NVD VulDB
CVSS 3.0
4.0
EPSS
9.8%
CVE-2016-9273 MEDIUM This Month

tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff
NVD VulDB
CVSS 3.0
5.5
EPSS
1.1%
CVE-2016-7906 MEDIUM PATCH This Month

magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Imagemagick Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2016-10147 MEDIUM PATCH This Month

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub VulDB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-9278 MEDIUM This Month

The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Exynos Fimg2D Driver
NVD VulDB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-7150 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS B2Evolution
NVD GitHub VulDB
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-9677 MEDIUM This Month

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Provisioning Services
NVD VulDB
CVSS 3.0
5.3
EPSS
0.3%
CVE-2014-9913 MEDIUM This Month

Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Unzip
NVD VulDB
CVSS 3.0
4.0
EPSS
4.1%
CVE-2016-10148 MEDIUM PATCH This Month

The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass PHP
NVD VulDB
CVSS 3.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy