Skip to main content
CVE-2016-7136 MEDIUM POC PATCH This Month

z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Plone
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-7140 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Plone
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-7139 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Plone
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-7138 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Plone
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-7137 MEDIUM POC PATCH This Month

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Plone
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-6511 MEDIUM POC PATCH This Month

andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Finecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2017-6509 MEDIUM POC This Month

Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Burgundy Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6508 MEDIUM POC PATCH This Month

CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Wget
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-10040 MEDIUM POC This Month

Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Qxmlsimplereader
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2016-6350 MEDIUM POC PATCH This Month

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6239 MEDIUM POC This Month

The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows attackers to cause a denial of service (kernel panic and crash) via a large size value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6522 MEDIUM POC PATCH This Month

Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6247 MEDIUM POC This Month

OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of service (kernel panic) by unmounting a filesystem with an open vnode on the mnt_vnodelist. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6245 MEDIUM POC This Month

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6243 MEDIUM POC This Month

thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a crafted value in the tsp parameter of the __thrsleep system call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-6242 MEDIUM POC This Month

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-7135 MEDIUM POC PATCH This Month

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Plone
NVD
CVSS 3.0
4.9
EPSS
0.7%
CVE-2016-6246 MEDIUM POC This Month

OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openbsd
NVD
CVSS 3.0
4.4
EPSS
0.0%
CVE-2016-8971 MEDIUM PATCH This Month

IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow IBM Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-9729 MEDIUM PATCH This Month

IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

IBM Authentication Bypass Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-9148 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Service Desk Manager
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-9723 MEDIUM PATCH This Month

IBM QRadar 7.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4946 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hue
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-9693 MEDIUM PATCH This Month

IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

IBM Authentication Bypass Business Process Manager Websphere
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4948 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Manager
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-9245 MEDIUM This Month

In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +6
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2016-5315 MEDIUM This Month

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Libtiff Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2013-5653 MEDIUM PATCH This Month

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Afpl Ghostscript Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-1133 MEDIUM PATCH This Month

IBM QRadar 7.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-4947 MEDIUM This Month

Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hue
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-9725 MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9720 MEDIUM PATCH This Month

IBM QRadar 7.2 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-9730 MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Qradar Incident Forensics Qradar Security Information And Event Manager
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy