Skip to main content
CVE-2016-6253 HIGH POC Act Now

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netbsd
NVD Exploit-DB VulDB
CVSS 3.0
7.8
EPSS
7.3%
CVE-2014-2045 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Multichannel Vpn Router 300 Firmware
NVD Exploit-DB VulDB
CVSS 3.0
6.1
EPSS
4.3%
CVE-2017-5543 CRITICAL PATCH Act Now

includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Subrion
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
1.8%
CVE-2014-9755 HIGH This Week

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Multichannel Vpn Router 300 Firmware
NVD VulDB
CVSS 3.0
7.5
EPSS
1.8%
CVE-2016-5323 HIGH This Week

The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libtiff Opensuse
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-10143 HIGH PATCH This Week

A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Tikiwiki Cms Groupware
NVD VulDB
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-7038 HIGH PATCH This Week

In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle
NVD VulDB
CVSS 3.0
7.3
EPSS
0.2%
CVE-2016-9435 MEDIUM PATCH This Month

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap W3M
NVD GitHub VulDB
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-9436 MEDIUM PATCH This Month

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Leap W3M
NVD GitHub VulDB
CVSS 3.0
6.5
EPSS
1.4%
CVE-2016-5319 MEDIUM This Month

Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libtiff
NVD VulDB
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-5316 MEDIUM This Month

Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libtiff Opensuse Leap
NVD VulDB
CVSS 3.0
6.5
EPSS
0.9%
CVE-2016-5318 MEDIUM This Month

Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libtiff
NVD VulDB
CVSS 3.0
6.5
EPSS
0.8%
CVE-2016-5317 MEDIUM This Month

Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Opensuse Leap
NVD VulDB
CVSS 3.0
6.5
EPSS
0.6%
CVE-2016-5321 MEDIUM This Month

The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Opensuse Libtiff
NVD VulDB
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-5542 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Symphony
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-2578 MEDIUM PATCH This Month

In Moodle 3.x, there is XSS in the assignment submission page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD VulDB
CVSS 3.0
6.1
EPSS
0.3%
CVE-2014-9754 MEDIUM This Month

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Multichannel Vpn Router 300 Firmware
NVD VulDB
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-5541 MEDIUM This Month

Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Symphony
NVD GitHub VulDB
CVSS 3.0
5.3
EPSS
1.3%
CVE-2016-5013 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Moodle
NVD VulDB
CVSS 3.0
5.4
EPSS
0.4%
CVE-2016-5014 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD VulDB
CVSS 3.0
5.4
EPSS
0.2%
CVE-2017-2576 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle
NVD VulDB
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-8644 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Moodle
NVD VulDB
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-8642 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle
NVD VulDB
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5012 MEDIUM PATCH This Month

In Moodle 3.x, glossary search displays entries without checking user permissions to view them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD VulDB
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-8643 MEDIUM PATCH This Month

In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD VulDB
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy