Total: 2806 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-1000032 | 1 Python | 1 Tgcaptcha2 | 2024-08-06 | N/A |
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. | ||||
CVE-2016-1000031 | 1 Apache | 1 Commons Fileupload | 2024-08-06 | N/A |
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution | ||||
CVE-2016-10860 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | ||||
CVE-2016-10830 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | ||||
CVE-2016-10838 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | ||||
CVE-2016-10857 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | ||||
CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | ||||
CVE-2016-10802 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | ||||
CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | ||||
CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | ||||
CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | ||||
CVE-2016-10792 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | ||||
CVE-2016-10370 | 1 Oneplus | 2 Oneplus 3t, Oxygenos | 2024-08-06 | N/A |
An issue was discovered on OnePlus devices such as the 3T. The OnePlus OTA Updater pushes the signed-OTA image over HTTP without TLS. While it does not allow for installation of arbitrary OTAs (due to the digital signature), it unnecessarily increases the attack surface, and allows for remote exploitation of other vulnerabilities such as CVE-2017-5948, CVE-2017-8850, and CVE-2017-8851. | ||||
CVE-2016-10334 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, a dynamically-protected DDR region could potentially get overwritten. | ||||
CVE-2016-10333 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS. | ||||
CVE-2016-10335 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, libtomcrypt was updated. | ||||
CVE-2016-10237 | 1 Google | 1 Android | 2024-08-06 | N/A |
If shared content protection memory were passed as the secure camera memory buffer by the HLOS to a trusted application (TA) in all Android releases from CAF using the Linux kernel, the TA would not detect an issue and it would be treated as secure memory. | ||||
CVE-2016-10223 | 1 Bigtreecms | 1 Bigtree Cms | 2024-08-06 | N/A |
An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | ||||
CVE-2016-10193 | 1 Espeak-ruby Project | 1 Espeak-ruby | 2024-08-06 | N/A |
The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb. | ||||
CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2024-08-06 | N/A |
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. |