CVEs from 2016
- Total: 8,461
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6793 | critical | 9.1 | 9.1 | 9y ago | The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x before 1.5.17 allows remote attackers to cause a denial of service (infinite loop) and write to, move, and delete files with the pe… | |||
| CVE-2016-7835 | critical | 9.1 | 9.1 | 9y ago | Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | |||
| CVE-2016-8649 | critical | 9.1 | 9.1 | 9y ago | lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's f… | |||
| CVE-2016-8721 | critical | 9.1 | 9.1 | 9y ago | An exploitable OS Command Injection vulnerability exists in the web application 'ping' functionality of Moxa AWK-3131A Wireless Access Points running firmware 1.1. Specially crafted web form input ca… | |||
| CVE-2016-6111 | critical | 9.1 | 9.1 | 9y ago | IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit… | |||
| CVE-2016-9121 | critical | 9.1 | 9.1 | 9y ago | go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received pu… | |||
| CVE-2016-9814 | critical | 9.1 | 9.1 | 9y ago | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers … | |||
| CVE-2016-9706 | critical | 9.1 | 9.1 | 9y ago | IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remot… | |||
| CVE-2016-9362 | critical | 9.1 | 9.1 | 9y ago | An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. By accessing a specific uniform … | |||
| CVE-2016-9639 | critical | 9.1 | 9.1 | 9y ago | Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching. | |||
| CVE-2016-2908 | critical | 9.1 | 9.1 | 10y ago | IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker… | |||
| CVE-2016-8491 | critical | 9.1 | 9.1 | 10y ago | The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. | |||
| CVE-2016-6269 | critical | 9.1 | 9.1 | 10y ago | Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete a… | |||
| CVE-2016-8325 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1… | |||
| CVE-2016-6223 | critical | 9.1 | 9.1 | 10y ago | The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a … | |||
| CVE-2016-3415 | critical | 9.1 | 9.1 | 10y ago | Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276. | |||
| CVE-2016-9584 | critical | 9.1 | 9.1 | 10y ago | libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. | |||
| CVE-2016-7460 | critical | 9.1 | 9.1 | 10y ago | The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and 6.0 before U2a and vRealize Automation 6.x before 6.2.5 allows remote attackers to read arbitrary files or cause a denial of ser… | |||
| CVE-2016-9180 | critical | 9.1 | 9.1 | 10y ago | perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's … | |||
| CVE-2016-6520 | critical | 9.1 | 9.1 | 10y ago | Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 allows remote attackers to have unspecified impact via vectors related to pixel cache morphology. | |||
| CVE-2016-9480 | critical | 9.1 | 9.1 | 10y ago | libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" … | |||
| CVE-2016-3028 | critical | 9.1 | 9.1 | 10y ago | IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before 8.0.1.4 IF3 and Security Access Manager 9.0 before 9.0.1.0 IF5 allow remote authenticated users to execute arbitrary commands by leve… | |||
| CVE-2016-5763 | critical | 9.1 | 9.1 | 10y ago | Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update… | |||
| CVE-2016-9272 | critical | 9.1 | 9.1 | 10y ago | A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | |||
| CVE-2016-6445 | critical | 9.1 | 9.1 | 10y ago | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an un… | |||
| CVE-2016-5605 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. | |||
| CVE-2016-5599 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and inte… | |||
| CVE-2016-5555 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. | |||
| CVE-2016-8565 | critical | 9.1 | 9.1 | 10y ago | Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets. | |||
| CVE-2016-1000112 | critical | 9.1 | 9.1 | 10y ago | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin | |||
| CVE-2016-7435 | critical | 9.1 | 9.1 | 10y ago | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with cer… | |||
| CVE-2016-4694 | critical | 9.1 | 9.1 | 10y ago | The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data… | |||
| CVE-2016-0903 | critical | 9.1 | 9.1 | 10y ago | Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data … | |||
| CVE-2016-6394 | critical | 9.1 | 9.1 | 10y ago | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug … | |||
| CVE-2016-6254 | critical | 9.1 | 9.1 | 10y ago | Heap-based buffer overflow in the parse_packet function in network.c in collectd before 5.4.3 and 5.x before 5.5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly exec… | |||
| CVE-2016-6582 | critical | 9.1 | 9.1 | 10y ago | The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specificat… | |||
| CVE-2016-3312 | critical | 9.1 | 9.1 | 10y ago | ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Info… | |||
| CVE-2016-5116 | critical | 9.1 | 9.1 | 10y ago | gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memor… | |||
| CVE-2016-5114 | critical | 9.1 | 9.1 | 10y ago | sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information… | |||
| CVE-2016-3546 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vector… | |||
| CVE-2016-3543 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3541 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confiden… | |||
| CVE-2016-3527 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-4532 | critical | 9.1 | 9.1 | 10y ago | Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2016-4510 | critical | 9.1 | 9.1 | 10y ago | The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | |||
| CVE-2016-4360 | critical | 9.1 | 9.1 | 10y ago | web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.5… | |||
| CVE-2016-2029 | critical | 9.1 | 9.1 | 10y ago | HPE Matrix Operating Environment before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-4358. | |||
| CVE-2016-2018 | critical | 9.1 | 9.1 | 10y ago | HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2016-4432 | critical | 9.1 | 9.1 | 10y ago | AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication | |||
| CVE-2016-4501 | critical | 9.1 | 9.1 | 10y ago | Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via … | |||
| CVE-2016-3466 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors relat… | |||
| CVE-2016-0699 | critical | 9.1 | 9.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via v… | |||
| CVE-2016-1034 | critical | 9.1 | 9.1 | 10y ago | The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspec… | |||
| CVE-2016-3065 | critical | 9.1 | 9.1 | 10y ago | The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequent… | |||
| CVE-2016-1154 | critical | 9.1 | 9.1 | 10y ago | SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-1903 | critical | 9.1 | 9.1 | 11y ago | The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or ca… | |||
| CVE-2016-1142 | critical | 9.1 | 9.1 | 11y ago | Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2016-4435 | critical | 9.0 | 9.0 | 9y ago | An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attac… | |||
| CVE-2016-9470 | critical | 9.0 | 9.0 | 9y ago | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables … | |||
| CVE-2016-10127 | critical | 9.0 | 9.0 | 9y ago | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. | |||
| CVE-2016-5528 | critical | 9.0 | 9.0 | 10y ago | Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vuln… | |||
| CVE-2016-3609 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via… | |||
| CVE-2016-3454 | critical | 9.0 | 9.0 | 10y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknow… | |||
| CVE-2016-0499 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |||
| CVE-2016-9111 | medium | 6.8 | 7.8 | 10y ago | Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection o… | |||
| CVE-2016-5304 | medium | 6.8 | 7.8 | 10y ago | Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites… | |||
| CVE-2016-8769 | medium | 6.7 | 7.7 | 9y ago | Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file … | |||
| CVE-2016-10504 | medium | 6.5 | 7.5 | 9y ago | Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp f… | |||
| CVE-2016-5312 | medium | 6.5 | 7.5 | 9y ago | Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10.6.2 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the sn paramete… | |||
| CVE-2016-6897 | medium | 6.5 | 7.5 | 10y ago | Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio… | |||
| CVE-2016-9951 | medium | 6.5 | 7.5 | 10y ago | An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user click… | |||
| CVE-2016-7237 | medium | 6.5 | 7.5 | 10y ago | Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win… | |||
| CVE-2016-6435 | medium | 6.5 | 7.5 | 10y ago | The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376. | |||
| CVE-2016-0772 | medium | 6.5 | 7.5 | 10y ago | The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypa… | |||
| CVE-2016-3542 | medium | 6.5 | 7.5 | 10y ago | Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentia… | |||
| CVE-2016-0169 | medium | 6.5 | 7.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |||
| CVE-2016-0168 | medium | 6.5 | 7.5 | 10y ago | GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attacke… | |||
| CVE-2016-1595 | medium | 6.5 | 7.5 | 10y ago | LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection att… | |||
| CVE-2016-1594 | medium | 6.5 | 7.5 | 10y ago | Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via … | |||
| CVE-2016-0784 | medium | 6.5 | 7.5 | 10y ago | Apache OpenMeetings Directory Traversal vulnerability | |||
| CVE-2016-0120 | medium | 6.5 | 7.5 | 10y ago | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and… | |||
| CVE-2016-0862 | medium | 6.5 | 7.5 | 11y ago | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vec… | |||
| CVE-2016-3116 | medium | 6.4 | 7.4 | 10y ago | CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. | |||
| CVE-2016-3115 | medium | 6.4 | 7.4 | 10y ago | Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, re… | |||
| CVE-2016-0492 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integ… | |||
| CVE-2016-0491 | medium | — | 7.4 | 11y ago | Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availabilit… | |||
| CVE-2016-8025 | medium | 6.2 | 7.2 | 9y ago | SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request paramete… | |||
| CVE-2016-1885 | medium | 6.2 | 7.2 | 10y ago | Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service… | |||
| CVE-2016-0049 | medium | 6.2 | 7.2 | 10y ago | Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate passw… | |||
| CVE-2016-9834 | medium | 6.1 | 7.1 | 9y ago | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is … | |||
| CVE-2016-1915 | medium | 6.1 | 7.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale pa… | |||
| CVE-2016-8855 | medium | 6.1 | 7.1 | 9y ago | Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or … | |||
| CVE-2016-8019 | medium | 6.1 | 7.1 | 9y ago | Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script o… | |||
| CVE-2016-4316 | medium | 6.1 | 7.1 | 9y ago | WSO2 Carbon vulnerable to Cross-site Scripting | |||
| CVE-2016-6283 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.a… | |||
| CVE-2016-3411 | medium | 6.1 | 7.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609. | |||
| CVE-2016-6854 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script cod… | |||
| CVE-2016-6853 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on … | |||
| CVE-2016-6851 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks aga… | |||
| CVE-2016-5740 | medium | 6.1 | 7.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's l… |