245851
|
5.3 |
MEDIUM
Network
plone
|
plone
|
Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.
|
CWE-200
Information Disclosure
|
CVE-2016-4042
|
2017-02-28 00:38 |
2017-02-25 |
245852
|
7.3 |
HIGH
Network
plone
|
plone
|
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-4041
|
2017-02-28 00:37 |
2017-02-25 |
245853
|
9.8 |
CRITICAL
Network
froxlor
|
froxlor
|
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2016-5100
|
2017-02-25 06:14 |
2017-02-14 |
245854
|
7.5 |
HIGH
Network
nlnetlabs
|
nsd
|
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
|
CWE-399
Resource Management Errors
|
CVE-2016-6173
|
2017-02-25 06:14 |
2017-02-10 |
245855
|
7.5 |
HIGH
Network
netapp
|
clustered_data_ontap
|
NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors.
|
CWE-200
Information Disclosure
|
CVE-2016-4341
|
2017-02-25 06:04 |
2017-02-8 |
245856
|
7.3 |
HIGH
Network
netapp
|
snapcenter_server
|
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2016-1502
|
2017-02-25 05:21 |
2017-02-8 |
245857
|
9.8 |
CRITICAL
Network
ffmpeg
|
ffmpeg
|
Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failur…
|
CWE-119
Buffer Errors
|
CVE-2016-10192
|
2017-02-25 05:20 |
2017-02-10 |
245858
|
9.8 |
CRITICAL
Network
netapp
|
oncommand_unified_manager_for_clustered_data_ontap
|
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-6667
|
2017-02-25 04:31 |
2017-02-8 |
245859
|
5.9 |
MEDIUM
Network
|
openntpd
|
openntpd
|
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid…
|
CWE-254
Security Features
|
CVE-2016-5117
|
2017-02-25 04:26 |
2017-02-1 |
245860
|
5.9 |
MEDIUM
Network
|
netapp
|
data_ontap
|
NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain information about the volumes configured for HTTP access.
|
CWE-200
Information Disclosure
|
CVE-2016-6495
|
2017-02-25 03:52 |
2017-02-8 |
245861
|
9.1 |
CRITICAL
Network
fortinet
|
fortiwlc
|
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2016-8491
|
2017-02-25 03:47 |
2017-02-2 |
245862
|
9.8 |
CRITICAL
Network
netapp
|
virtual_storage_console_for_vmware_vsphere
|
NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2016-5711
|
2017-02-25 03:40 |
2017-02-8 |
245863
|
6.6 |
MEDIUM
Network
|
puppetlabs
|
mcollective-puppet-agent
|
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.
|
CWE-254
Security Features
|
CVE-2015-7331
|
2017-02-25 03:35 |
2017-01-31 |
245864
|
10.0 |
CRITICAL
Network
carlosgavazzi
|
vmu-c_em_firmware vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vuln…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2017-5145
|
2017-02-24 22:29 |
2017-02-14 |
245865
|
7.5 |
HIGH
Network
carlosgavazzi
|
vmu-c_em_firmware vmu-c_pv_firmware
|
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
|
CWE-200
Information Disclosure
|
CVE-2017-5146
|
2017-02-24 22:27 |
2017-02-14 |
245866
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_doors_next_generation rational_requirements_composer
|
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2016-6055
|
2017-02-24 22:25 |
2017-02-24 |
245867
|
5.3 |
MEDIUM
Network
moxa
|
miineport_e1_firmware miineport_e2_firmware miineport_e3_firmware
|
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted.
|
CWE-310
Cryptographic Issues
|
CVE-2016-9346
|
2017-02-24 04:44 |
2017-02-14 |
245868
|
7.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-0322
|
2017-02-24 04:30 |
2017-02-16 |
245869
|
7.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-0323
|
2017-02-24 04:30 |
2017-02-16 |
245870
|
7.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading…
|
CWE-119
Buffer Errors
|
CVE-2017-0324
|
2017-02-24 04:30 |
2017-02-16 |
245871
|
7.5 |
HIGH
Network
moxa
|
edr-810_firmware
|
An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log fi…
|
CWE-532
Information Disclosure Through Log Files
|
CVE-2016-8346
|
2017-02-24 04:27 |
2017-02-14 |
245872
|
7.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where un…
|
CWE-119
Buffer Errors
|
CVE-2017-0314
|
2017-02-24 04:26 |
2017-02-16 |
245873
|
7.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may le…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-0315
|
2017-02-24 04:26 |
2017-02-16 |
245874
|
7.5 |
HIGH
Network
moxa
|
miineport_e1_firmware miineport_e2_firmware miineport_e3_firmware
|
An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able …
|
CWE-532
Information Disclosure Through Log Files
|
CVE-2016-9344
|
2017-02-24 04:25 |
2017-02-14 |
245875
|
5.5 |
MEDIUM
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.
|
CWE-20
Improper Input Validation
|
CVE-2017-0318
|
2017-02-24 04:08 |
2017-02-16 |
245876
|
8.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or poten…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-0321
|
2017-02-24 04:06 |
2017-02-16 |
245877
|
8.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation l…
|
CWE-119
Buffer Errors
|
CVE-2017-0308
|
2017-02-24 04:04 |
2017-02-16 |
245878
|
8.8 |
HIGH
Local
|
nvidia
|
gpu_driver
|
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-0309
|
2017-02-24 04:04 |
2017-02-16 |
245879
|
6.1 |
MEDIUM
Network
|
html5lib
|
html5lib
|
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2016-9909
|
2017-02-24 03:56 |
2017-02-23 |
245880
|
6.1 |
MEDIUM
Network
|
html5lib
|
html5lib
|
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a differen…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2016-9910
|
2017-02-24 03:56 |
2017-02-23 |
245881
|
7.5 |
HIGH
Network
fidelex
|
fx-2030a_firmware fx-2030a-basic_firmware
|
An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the …
|
CWE-22
Path Traversal
|
CVE-2016-9364
|
2017-02-24 03:53 |
2017-02-14 |
245882
|
8.8 |
HIGH
Network
|
simplemachines
|
simple_machines_forum
|
LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input…
|
CWE-94
Code Injection
|
CVE-2016-5727
|
2017-02-24 03:25 |
2017-02-10 |
245883
|
9.8 |
CRITICAL
Network
modified
|
ecommerce_shopsoftware
|
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands vi…
|
CWE-89
SQL Injection
|
CVE-2016-3694
|
2017-02-24 03:20 |
2017-02-16 |
245884
|
9.8 |
CRITICAL
Network
simplemachines
|
simple_machines_forum
|
Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.
|
CWE-94
Code Injection
|
CVE-2016-5726
|
2017-02-24 03:20 |
2017-02-10 |
245885
|
7.5 |
HIGH
Network
debian dicom
|
debian_linux dcmtk
|
Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long …
|
CWE-119
Buffer Errors
|
CVE-2015-8979
|
2017-02-24 03:17 |
2017-02-16 |
245886
|
7.8 |
HIGH
Local
|
gomlab
|
gom_player
|
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
|
CWE-119
Buffer Errors
|
CVE-2017-5881
|
2017-02-24 00:59 |
2017-02-21 |
245887
|
5.4 |
MEDIUM
Network
|
intersect_alliance
|
snare_epilog
|
Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name paramete…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2017-5998
|
2017-02-24 00:09 |
2017-02-17 |
245888
|
5.5 |
MEDIUM
Local
|
faststone
|
maxview
|
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
|
CWE-20
Improper Input Validation
|
CVE-2017-6078
|
2017-02-23 23:59 |
2017-02-21 |
245889
|
5.3 |
MEDIUM
Network
cmsmadesimple
|
form_builder cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
|
CWE-200
Information Disclosure
|
CVE-2017-6072
|
2017-02-23 23:56 |
2017-02-21 |
245890
|
9.8 |
CRITICAL
Network
cmsmadesimple
|
form_builder cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
|
CWE-200
Information Disclosure
|
CVE-2017-6070
|
2017-02-23 23:55 |
2017-02-21 |
245891
|
8.8 |
HIGH
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
|
CWE-89
SQL Injection
|
CVE-2017-6065
|
2017-02-23 23:53 |
2017-02-18 |
245892
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the…
|
CWE-125
Out-of-bounds Read
|
CVE-2016-8678
|
2017-02-23 04:12 |
2017-02-16 |
245893
|
5.9 |
MEDIUM
Network
|
dovecot
|
dovecot
|
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
|
CWE-20
Improper Input Validation
|
CVE-2016-8652
|
2017-02-23 04:11 |
2017-02-17 |
245894
|
4.7 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via u…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2016-7111
|
2017-02-23 03:26 |
2017-02-18 |
245895
|
9.8 |
CRITICAL
Network
facebook
|
hhvm
|
The array_*_recursive functions in Facebook HHVM before 3.15.0 allow attackers to have unspecified impact via unknown vectors, related to recursion.
|
NVD-CWE-Other
|
CVE-2016-6874
|
2017-02-23 03:25 |
2017-02-18 |
245896
|
9.8 |
CRITICAL
Network
facebook
|
hhvm
|
CWE-674: Uncontrolled Recursion (http://cwe.mitre.org/data/definitions/674.html)
|
NVD-CWE-Other
|
CVE-2016-6874
|
2017-02-23 03:25 |
2017-02-18 |
245897
|
9.8 |
CRITICAL
Network
facebook
|
hhvm
|
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
|
NVD-CWE-Other
|
CVE-2016-6875
|
2017-02-23 03:25 |
2017-02-18 |
245898
|
9.8 |
CRITICAL
Network
facebook
|
hhvm
|
CWE-674: Uncontrolled Recursion (http://cwe.mitre.org/data/definitions/674.html)
|
NVD-CWE-Other
|
CVE-2016-6875
|
2017-02-23 03:25 |
2017-02-18 |
245899
|
4.3 |
MEDIUM
Network
|
inverse-inc
|
sogo
|
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the…
|
CWE-200
Information Disclosure
|
CVE-2016-6190
|
2017-02-23 03:00 |
2017-02-18 |
245900
|
6.1 |
MEDIUM
Network
|
ibm
|
resilient
|
IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality …
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2016-6062
|
2017-02-23 02:54 |
2017-02-17 |