Filtered by vendor
Subscriptions
Total
416 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-6629 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
CVE-2016-6628 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
CVE-2016-6626 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
CVE-2016-6624 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
CVE-2016-6597 | 1 Sophos | 1 Mobile Control Eas Proxy | 2024-11-21 | N/A |
Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability. | ||||
CVE-2016-6594 | 1 Bluecoat | 3 Advanced Secure Gateway, Cacheflow, Proxysg | 2024-11-21 | N/A |
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | ||||
CVE-2016-6582 | 1 Doorkeeper Project | 1 Doorkeeper | 2024-11-21 | N/A |
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. | ||||
CVE-2016-6497 | 1 Apache | 1 Groovy Ldap | 2024-11-21 | 7.5 High |
main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods. | ||||
CVE-2016-6493 | 1 Citrix | 2 Xenapp, Xendesktop | 2024-11-21 | N/A |
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. | ||||
CVE-2016-6460 | 1 Cisco | 1 Firesight System Software | 2024-11-21 | N/A |
A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass FTP malware detection rules and download malware over an FTP connection. Cisco Firepower System Software is affected when the device has a file policy with malware block configured for FTP connections. More Information: CSCuv36188 CSCuy91156. Known Affected Releases: 5.4.0.2 5.4.1.1 5.4.1.6 6.0.0 6.1.0 6.2.0. Known Fixed Releases: 6.0.0. | ||||
CVE-2016-6340 | 1 Redhat | 2 Enterprise Linux, Quickstart Cloud Installer | 2024-11-21 | N/A |
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | ||||
CVE-2016-6271 | 1 Bzrtp Project | 1 Bzrtp | 2024-11-21 | N/A |
The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception. | ||||
CVE-2016-5949 | 1 Ibm | 1 Kenexa Lcms Premier | 2024-11-21 | N/A |
IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request. | ||||
CVE-2016-5933 | 1 Ibm | 1 Tivoli Monitoring | 2024-11-21 | N/A |
IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. IBM Reference #: 1997223. | ||||
CVE-2016-5898 | 1 Ibm | 1 Jazz Reporting Service | 2024-11-21 | N/A |
IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information. | ||||
CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2024-11-21 | N/A |
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | ||||
CVE-2016-5763 | 1 Novell | 2 Open Enterprise Server 11, Open Enterprise Server 2015 | 2024-11-21 | N/A |
Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update 10991, OES11 SP2 before Scheduled Maintenance Update 10989) might allow authenticated remote attackers to perform unauthorized file access and modification. | ||||
CVE-2016-5702 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI. | ||||
CVE-2016-5623 | 1 Oracle | 1 Flexcube Private Banking | 2024-11-21 | N/A |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). | ||||
CVE-2016-5545 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | N/A |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). |