IDCVSSSummaryLast (major) updatePublished
CVE-2016-5721 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
29-08-2016 - 17:59 29-08-2016 - 17:59
CVE-2015-5399 3.5
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
26-08-2016 - 20:59 26-08-2016 - 20:59
CVE-2016-5683 4.6
ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file.
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-5664 5.0
Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-5663 4.3
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parame
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-5662 7.2
Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-5050 7.5
Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file.
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-5049 5.0
Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the SESID parameter in conjunction with a filename in the FNAME parameter.
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-5048 7.5
SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field.
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4378 5.0
The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor, and (5) Hitachi Automation Director (HAD) components in HPE XP P9000 Command View Advanced Edition Software before 8.4.1-00 and XP7 Command View Adv
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4270 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4269 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4268 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4267 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4266 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4265 10.0
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-4119 10.0
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of se
26-08-2016 - 19:59 26-08-2016 - 19:59
CVE-2016-5383 6.5
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
26-08-2016 - 14:59 26-08-2016 - 14:59
CVE-2016-5023 5.0
Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 through 11.5.4, 11.6.0 HF5 through HF7, and 12.0.0, when configured with a TCP profile, allow remote attackers to cause a denial of service (Traffic Manage
26-08-2016 - 14:59 26-08-2016 - 14:59
CVE-2016-1497 4.0
The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manag
26-08-2016 - 14:59 26-08-2016 - 14:59
CVE-2016-6369 7.2
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
25-08-2016 - 21:59 25-08-2016 - 21:59
CVE-2016-5681 9.3
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A
25-08-2016 - 21:59 25-08-2016 - 21:59
CVE-2016-5673 5.0
UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number.
25-08-2016 - 21:59 25-08-2016 - 21:59
CVE-2016-4657 6.8
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
25-08-2016 - 21:59 25-08-2016 - 21:59
CVE-2016-4656 9.3
The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
25-08-2016 - 21:59 25-08-2016 - 21:59
CVE-2016-4655 7.1
The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.
25-08-2016 - 21:59 25-08-2016 - 21:59
CVE-2016-6231 4.3
Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.
25-08-2016 - 18:59 25-08-2016 - 18:59
CVE-2016-4069 6.8
Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service (disk consumption) via unspecified ve
25-08-2016 - 18:59 25-08-2016 - 18:59
CVE-2016-7089 7.2
WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN.
24-08-2016 - 19:59 24-08-2016 - 19:59
CVE-2016-6909 10.0
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER.
24-08-2016 - 16:30 24-08-2016 - 16:30
CVE-2016-5812 2.1
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cleartext password storage, which makes it easier for local users to obtain sensitive information by reading a configuration file.
24-08-2016 - 02:00 24-08-2016 - 02:00
CVE-2016-5799 10.0
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
24-08-2016 - 02:00 24-08-2016 - 02:00
CVE-2016-5650 5.0
ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value.
24-08-2016 - 02:00 24-08-2016 - 02:00
CVE-2016-5645 7.5
Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leve
24-08-2016 - 02:00 24-08-2016 - 02:00
CVE-2016-5081 10.0
ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for remote attackers to obtain access via a TELNET session.
24-08-2016 - 02:00 24-08-2016 - 02:00
CVE-2016-6365 4.3
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur2
23-08-2016 - 02:11 23-08-2016 - 02:11
CVE-2016-6364 5.0
The User Data Services (UDS) API implementation in Cisco Unified Communications Manager 11.5 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified API calls, aka Bug ID CSCux67855.
23-08-2016 - 02:11 23-08-2016 - 02:11
CVE-2016-6355 7.8
Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux267
23-08-2016 - 02:11 23-08-2016 - 02:11
CVE-2016-1484 5.0
Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.
23-08-2016 - 02:10 23-08-2016 - 02:10
CVE-2016-1477 4.0
Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891.
23-08-2016 - 02:10 23-08-2016 - 02:10
CVE-2016-6363 6.1
The rate-limit feature in the 802.11 protocol implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via crafted 802.
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-6362 7.2
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-6361 6.1
The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.121.0 and 8.3.x before 8.3.102.0 allows remote attackers to cause a denial of service (device reload) via a crafted AM
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-6359 4.3
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-5817 7.5
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-4377 7.6
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-4376 7.8
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors.
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-1485 4.3
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-1479 7.8
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
22-08-2016 - 10:59 22-08-2016 - 10:59
CVE-2016-1476 3.5
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
22-08-2016 - 10:59 22-08-2016 - 10:59
Back to Top Mark selected
Back to Top