243401
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
|
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site tha…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-1949
|
2016-12-6 12:07 |
2016-02-13 |
|
|
243402
|
7.5 |
HIGH
Network
privoxy
|
privoxy
|
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.
|
CWE-20
Improper Input Validation
|
CVE-2016-1982
|
2016-12-6 12:07 |
2016-01-28 |
|
|
|
243403
|
7.5 |
HIGH
Network
privoxy
|
privoxy
|
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header.
|
CWE-20
Improper Input Validation
|
CVE-2016-1983
|
2016-12-6 12:07 |
2016-01-28 |
|
|
|
243404
|
9.8 |
CRITICAL
Network
harman
|
amx_firmware
|
The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access v…
|
CWE-255
Credentials Management
|
CVE-2016-1984
|
2016-12-6 12:07 |
2016-01-22 |
|
|
|
243405
|
5.9 |
MEDIUM
Network
|
hp
|
hp-ux_ipfilter
|
HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state configuration is enabled, allows remote attackers to cause a denial of service via unspecified UDP packets.
|
CWE-20
Improper Input Validation
|
CVE-2016-1987
|
2016-12-6 12:07 |
2016-02-19 |
|
|
243406
|
6.5 |
MEDIUM
Network
|
gnu debian
|
cpio debian_linux
|
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
|
CWE-119
Buffer Errors
|
CVE-2016-2037
|
2016-12-6 12:07 |
2016-02-23 |
|
|
243407
|
5.3 |
MEDIUM
Network
adobe
|
connect
|
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
|
CWE-254 CWE-20
Security Features; Improper Input Validation
|
CVE-2016-0950
|
2016-12-6 12:06 |
2016-02-11 |
|
|
|
243408
|
8.8 |
HIGH
Network
|
cisco
|
application_control_engine_software
|
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with …
|
CWE-78
OS Command Injection
|
CVE-2016-1297
|
2016-12-6 12:06 |
2016-02-26 |
|
|
243409
|
8.8 |
HIGH
Network
|
cisco
|
prime_security_manager asa_cx_context-aware_security_software
|
The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to c…
|
CWE-284
Improper Access Control
|
CVE-2016-1301
|
2016-12-6 12:06 |
2016-02-7 |
|
|
243410
|
8.8 |
HIGH
Network
|
cisco
|
application_policy_infrastructure_controller nx-os
|
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11…
|
CWE-284
Improper Access Control
|
CVE-2016-1302
|
2016-12-6 12:06 |
2016-02-7 |
|
|
243411
|
6.1 |
MEDIUM
Network
|
cisco
|
unity_connection
|
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-1304
|
2016-12-6 12:06 |
2016-01-30 |
|
|
243412
|
6.1 |
MEDIUM
Network
|
cisco
|
application_policy_infrastructure_controller_enterprise_module
|
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vecto…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-1305
|
2016-12-6 12:06 |
2016-02-7 |
|
|
243413
|
5.4 |
MEDIUM
Network
|
cisco
|
finesse unified_contact_center_express
|
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an…
|
CWE-287 CWE-255
Improper Authentication; Credentials Management
|
CVE-2016-1307
|
2016-12-6 12:06 |
2016-02-7 |
|
|
243414
|
6.5 |
MEDIUM
Network
|
cisco
|
unified_communications_manager
|
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.
|
CWE-89
SQL Injection
|
CVE-2016-1308
|
2016-12-6 12:06 |
2016-02-7 |
|
|
243415
|
6.1 |
MEDIUM
Network
|
cisco
|
webex_meetings_server
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-1309
|
2016-12-6 12:06 |
2016-02-7 |
|
|
243416
|
6.1 |
MEDIUM
Network
|
cisco
|
unity_connection
|
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-1310
|
2016-12-6 12:06 |
2016-02-6 |
|
|
243417
|
6.1 |
MEDIUM
Network
|
cisco
|
jabber_guest
|
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, ak…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-1311
|
2016-12-6 12:06 |
2016-02-6 |
|
|
243418
|
5.3 |
MEDIUM
Network
cisco
|
telepresence_video_communication_server_software
|
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct r…
|
CWE-200
Information Exposure
|
CVE-2016-1316
|
2016-12-6 12:06 |
2016-02-9 |
|
|
|
243419
|
4.3 |
MEDIUM
Network
|
cisco
|
unified_communications_manager
|
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL…
|
CWE-200
Information Exposure
|
CVE-2016-1317
|
2016-12-6 12:06 |
2016-02-9 |
|
|
243420
|
6.1 |
MEDIUM
Network
|
cisco
|
application_policy_infrastructure_controller_enterprise_module
|
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via craft…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-1318
|
2016-12-6 12:06 |
2016-02-9 |
|
|
243421
|
5.3 |
MEDIUM
Network
cisco
|
unified_communications_manager_im_and_presence_service unified_contact_center_express unified_communications_manager unity_connection
|
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified C…
|
CWE-200
Information Exposure
|
CVE-2016-1319
|
2016-12-6 12:06 |
2016-02-9 |
|
|
|
243422
|
5.8 |
MEDIUM
Network
cisco
|
universal_small_cell_firmware
|
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature a…
|
CWE-200
Information Exposure
|
CVE-2016-1321
|
2016-12-6 12:06 |
2016-02-16 |
|
|
|
243423
|
6.5 |
MEDIUM
Adjacent
|
cisco
|
ios
|
Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote attackers to cause a denial of service (device reload) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuy27746.
|
CWE-399
Resource Management Errors
|
CVE-2016-1330
|
2016-12-6 12:06 |
2016-02-16 |
|
|
243424
|
6.1 |
MEDIUM
Network
|
cisco
|
emergency_responder
|
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID C…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2016-1331
|
2016-12-6 12:06 |
2016-02-16 |
|
|
243425
|
6.5 |
MEDIUM
Network
|
cisco
|
ios
|
Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers allows remote authenticated users to cause a denial of service (device reload) via an SNMP request for unspecified BRIDGE MIB OI…
|
CWE-399
Resource Management Errors
|
CVE-2016-1333
|
2016-12-6 12:06 |
2016-02-18 |
|
|
243426
|
5.3 |
MEDIUM
Network
cisco
|
small_business_wireless_access_points_firmware
|
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.
|
CWE-20
Improper Input Validation
|
CVE-2016-1334
|
2016-12-6 12:06 |
2016-02-18 |
|
|
|
243427
|
9.8 |
CRITICAL
Network
cisco
|
nx-os
|
Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID …
|
CWE-255 CWE-264
Credentials Management; Permissions, Privileges, and Access Controls
|
CVE-2016-1341
|
2016-12-6 12:06 |
2016-02-24 |
|
|
|
243428
|
6.8 |
MEDIUM
Local
|
linux
|
linux_kernel
|
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (…
|
CWE-200 CWE-362 NVD-CWE-Other
Information Exposure; Race Condition
|
CVE-2016-0723
|
2016-12-6 12:05 |
2016-02-8 |
|
|
243429
|
6.8 |
MEDIUM
Local
|
linux
|
linux_kernel
|
CWE-416: Use After Free (http://cwe.mitre.org/data/definitions/416.html)
|
CWE-200 CWE-362 NVD-CWE-Other
Information Exposure; Race Condition
|
CVE-2016-0723
|
2016-12-6 12:05 |
2016-02-8 |
|
|
243430
|
5.3 |
MEDIUM
Network
prosody
|
prosody
|
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network…
|
CWE-20
Improper Input Validation
|
CVE-2016-0756
|
2016-12-6 12:05 |
2016-01-30 |
|
|
|
243431
|
7.5 |
HIGH
Network
advantech
|
webaccess
|
Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess before 8.1 allows remote attackers to cause a denial of service via a crafted RPC request.
|
CWE-119
Buffer Errors
|
CVE-2016-0860
|
2016-12-6 12:05 |
2016-01-15 |
|
|
|
243432
|
8.8 |
HIGH
Network
|
adobe
|
connect
|
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Same-Origin Policy Violation
|
CVE-2016-0948
|
2016-12-6 12:05 |
2016-02-11 |
|
|
243433
|
9.8 |
CRITICAL
Network
adobe
|
connect
|
Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL.
|
NVD-CWE-noinfo
|
CVE-2016-0949
|
2016-12-6 12:05 |
2016-02-11 |
|
|
|
243434
|
10.0 |
CRITICAL
Network
radicale
|
radicale
|
The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.
|
CWE-20
Improper Input Validation
|
CVE-2015-8747
|
2016-12-6 12:04 |
2016-02-4 |
|
|
|
243435
|
5.3 |
MEDIUM
Network
radicale
|
radicale
|
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8748
|
2016-12-6 12:04 |
2016-02-4 |
|
|
|
243436
|
4.3 |
MEDIUM
|
dojotoolkit
|
dojo
|
Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-5654
|
2016-12-6 12:03 |
2015-10-11 |
|
|
243437
|
7.4 |
HIGH
Local
|
rarlab
|
winrar
|
The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the u…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5663
|
2016-12-6 12:03 |
2015-12-30 |
|
|
243438
|
7.5 |
HIGH
Network
cisco
|
nx-os
|
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with …
|
CWE-399
Resource Management Errors
|
CVE-2015-6398
|
2016-12-6 12:03 |
2016-02-7 |
|
|
|
243439
|
5.3 |
MEDIUM
Network
ibm
|
integration_bus websphere_message_broker
|
IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before 9.0.0.3 and 10 before 10.0.0.0 allow remote attackers to obtain sensitive information about the HTT…
|
CWE-200
Information Exposure
|
CVE-2015-7399
|
2016-12-6 12:03 |
2016-01-11 |
|
|
|
243440
|
7.5 |
HIGH
Network
symantec
|
encryption_management_server
|
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.
|
CWE-200
Information Exposure
|
CVE-2015-8148
|
2016-12-6 12:03 |
2016-02-19 |
|
|
|
243441
|
7.5 |
HIGH
Network
symantec
|
encryption_management_server
|
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted request…
|
CWE-119
Buffer Errors
|
CVE-2015-8149
|
2016-12-6 12:03 |
2016-02-19 |
|
|
|
243442
|
7.8 |
HIGH
Local
|
symantec
|
encryption_management_server
|
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-8150
|
2016-12-6 12:03 |
2016-02-19 |
|
|
243443
|
9.1 |
CRITICAL
Network
|
symantec
|
encryption_management_server
|
Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access.
|
CWE-78
OS Command Injection
|
CVE-2015-8151
|
2016-12-6 12:03 |
2016-02-19 |
|
|
243444
|
5.0 |
MEDIUM
|
debian phpmailer_project
|
debian_linux phpmailer
|
Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow attackers to inject arbitrary SMTP commands via CRLF sequences in an (1) email address to the validateAddress function in clas…
|
CWE-20
Improper Input Validation
|
CVE-2015-8476
|
2016-12-6 12:03 |
2015-12-17 |
|
|
243445
|
10.0 |
HIGH
|
wavelink
|
terminal_emulation
|
Heap-based buffer overflow in the License Server (LicenseServer.exe) in Wavelink Terminal Emulation (TE) allows remote attackers to execute arbitrary code via a large HTTP header.
|
CWE-119
Buffer Errors
|
CVE-2015-4059
|
2016-12-6 12:02 |
2015-05-30 |
|
|
243446
|
10.0 |
HIGH
|
wavelink
|
connectpro
|
Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) service in Wavelink ConnectPro allows remote attackers to execute arbitrary code via a large HTTP header.
|
CWE-119
Buffer Errors
|
CVE-2015-4060
|
2016-12-6 12:02 |
2015-05-30 |
|
|
243447
|
10.0 |
HIGH
|
dell
|
netvault_backup
|
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which trig…
|
CWE-189
Numeric Errors
|
CVE-2015-4067
|
2016-12-6 12:02 |
2015-05-30 |
|
|
243448
|
7.8 |
HIGH
|
arcserve
|
arcserve_unified_data_protection
|
The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolic…
|
CWE-200
Information Exposure
|
CVE-2015-4069
|
2016-12-6 12:02 |
2015-05-30 |
|
|
243449
|
3.5 |
LOW
|
arubanetworks
|
clearpass_policy_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified v…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2015-4132
|
2016-12-6 12:02 |
2015-05-28 |
|
|
243450
|
7.5 |
HIGH
|
milw0rm_project
|
milw0rm_clone_script
|
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
|
CWE-89
SQL Injection
|
CVE-2015-4137
|
2016-12-6 12:02 |
2015-05-29 |
|
|