{"vulnerability": "cve-2016-1073", "sightings": [{"uuid": "243eb2e7-a809-46d6-90eb-b5bf584e7dab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10736", "type": "seen", "source": "https://t.me/cibsecurity/2039", "content": "ATENTION\u203c New - CVE-2016-10736 (social_pug)\n\nThe \"Social Pug - Easy Social Share Buttons\" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-01-15T18:57:34.000000Z"}, {"uuid": "7a7b6a99-aebc-446c-90c3-1090c43ff43e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10735", "type": "seen", "source": "https://gist.github.com/jatinjindalj/dbedf7dbe9ce357d8d404af1861f60f9", "content": "", "creation_timestamp": "2025-03-19T01:19:31.000000Z"}, {"uuid": "4af996a3-cf1b-4b95-8d24-17b9dd7547a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10735", "type": "published-proof-of-concept", "source": "Telegram/OfnIDPmAFs0rAOlHw_eXR0j7Vkoel5eBSFNWkjtXQVWONMM", "content": "", "creation_timestamp": "2025-07-21T15:00:06.000000Z"}, {"uuid": "f97cb434-ca1b-442f-acf6-00bdfb54534b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10735", "type": "seen", "source": "Telegram/PUYvFWl_eGvhvTPv3ZlC0zRSIrEJDRVSL7e-LmiKULxekvI", "content": "", "creation_timestamp": "2024-08-28T20:05:46.000000Z"}, {"uuid": "9cedc54c-e9e2-4b66-96bf-643594fa8507", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10738", "type": "seen", "source": "https://t.me/cibsecurity/2053", "content": "ATENTION\u203c New - CVE-2016-10738\n\nZenbership v107 has CSRF via admin/cp-functions/event-add.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-01-16T07:32:16.000000Z"}, {"uuid": "c50ab6ec-51f9-49d2-8590-1e28a591449a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10737", "type": "seen", "source": "https://t.me/cibsecurity/2054", "content": "ATENTION\u203c New - CVE-2016-10737\n\nSerendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-01-16T07:32:17.000000Z"}, {"uuid": "890718d2-501a-482e-b0bf-d7728e6ed08d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10734", "type": "seen", "source": "https://t.me/cibsecurity/903", "content": "ATENTION\u203c New - CVE-2016-10734\n\nProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-10-29T15:23:20.000000Z"}, {"uuid": "81fb67e4-04e7-4274-a7c7-33fdb45590c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10739", "type": "seen", "source": "https://t.me/cibsecurity/2153", "content": "ATENTION\u203c New - CVE-2016-10739\n\nIn the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-01-21T22:21:11.000000Z"}, {"uuid": "74ebde63-32b2-43c7-bce9-f36c0aaca622", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10733", "type": "seen", "source": "https://t.me/cibsecurity/904", "content": "ATENTION\u203c New - CVE-2016-10733\n\nProjectSend (formerly cFTP) r582 allows directory traversal via file=../ in the process-zip-download.php query string.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-10-29T15:23:21.000000Z"}, {"uuid": "0a25c774-586d-4b95-982f-71ff741514dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10732", "type": "seen", "source": "https://t.me/cibsecurity/905", "content": "ATENTION\u203c New - CVE-2016-10732\n\nProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-10-29T15:23:21.000000Z"}, {"uuid": "aca1f58c-3faf-4ec0-9fcd-53b67df43ad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10731", "type": "seen", "source": "https://t.me/cibsecurity/906", "content": "ATENTION\u203c New - CVE-2016-10731\n\nProjectSend (formerly cFTP) r582 allows SQL injection via manage-files.php with the request parameter status, manage-files.php with the request parameter files, clients.php with the request parameter selected_clients, clients.php with the request parameter status, process-zip-download.php with the request parameter file, or home-log.php with the request parameter action.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-10-29T15:23:22.000000Z"}, {"uuid": "2d68e332-4888-4dbe-b011-1ef9b788c572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10736", "type": "seen", "source": "https://t.me/cibsecurity/1962", "content": "ATENTION\u203c New - CVE-2016-10736\n\nThe \"Social Pug - Easy Social Share Buttons\" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-01-10T02:58:17.000000Z"}, {"uuid": "2e696afc-e9b7-4c36-873b-2824ae142dca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10735", "type": "seen", "source": "https://t.me/cibsecurity/1927", "content": "ATENTION\u203c New - CVE-2016-10735\n\nIn Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2019-01-09T08:48:33.000000Z"}, {"uuid": "44e67f5a-6a19-4f56-b0db-3dc90a5c357d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2016-10730", "type": "seen", "source": "https://t.me/cibsecurity/840", "content": "ATENTION\u203c New - CVE-2016-10730\n\nAn issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2018-10-25T00:21:15.000000Z"}]}