Search Results (Refine Search)
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-1555 |
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. Published: April 21, 2017; 11:59:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-10091 |
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function. Published: April 21, 2017; 11:59:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-0721 |
Session fixation vulnerability in pcsd in pcs before 0.9.157. Published: April 21, 2017; 11:59:00 AM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 4.3 MEDIUM |
CVE-2016-0720 |
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Published: April 21, 2017; 11:59:00 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-7992 |
Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4846 |
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2016-4841 |
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4840 |
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4832 |
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4830 |
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-4829 |
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1194 |
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-1184 |
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-1148 |
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0: 4.3 MEDIUM |
CVE-2016-0833 |
Android allows users to cause a denial of service. Published: April 21, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2017-7951 |
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. Published: April 20, 2017; 10:59:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-7409 |
Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. Published: April 20, 2017; 10:59:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7220 |
OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4532. Published: April 20, 2017; 10:59:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2016-4075 |
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. Published: April 20, 2017; 10:59:00 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2017-7990 |
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp. Published: April 20, 2017; 8:59:00 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |