CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2016 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1000217 89 Sql 2016-10-06 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
Zotpress plugin for WordPress SQLi in zp_get_account()
2 CVE-2016-1000216 78 2016-10-10 2017-07-07
9.0
None Remote Low ??? Complete Complete Complete
Ruckus Wireless H500 web management interface authenticated command injection
3 CVE-2016-1000215 DoS 2016-10-25 2017-07-07
5.0
None Remote Low Not required None None Partial
Ruckus Wireless H500 web management interface denial of service
4 CVE-2016-1000214 287 Bypass 2016-10-25 2017-07-07
5.0
None Remote Low Not required Partial None None
Ruckus Wireless H500 web management interface authentication bypass
5 CVE-2016-1000213 352 CSRF 2016-10-25 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
Ruckus Wireless H500 web management interface CSRF
6 CVE-2016-1000125 89 Sql 2016-10-06 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
7 CVE-2016-1000124 89 Sql 2016-10-06 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
8 CVE-2016-1000123 89 Sql 2016-10-06 2017-09-06
7.5
None Remote Low Not required Partial Partial Partial
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
9 CVE-2016-1000122 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low ??? Partial Partial Partial
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
10 CVE-2016-1000120 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low ??? Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
11 CVE-2016-1000119 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low ??? Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
12 CVE-2016-1000118 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low ??? Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
13 CVE-2016-1000117 79 XSS 2016-10-21 2017-01-06
6.5
None Remote Low ??? Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
14 CVE-2016-1000116 79 Sql XSS 2016-10-21 2017-03-28
6.5
None Remote Low ??? Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
15 CVE-2016-1000115 79 Sql XSS 2016-10-21 2017-11-13
6.5
None Remote Low ??? Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
16 CVE-2016-1000113 89 Sql XSS 2016-10-06 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
17 CVE-2016-1000112 22 Dir. Trav. 2016-10-06 2020-04-29
9.4
None Remote Low Not required Complete Complete None
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin
18 CVE-2016-1000032 284 2016-10-25 2017-01-19
5.0
None Remote Low Not required None Partial None
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.
19 CVE-2016-1000031 284 Exec Code 2016-10-25 2021-10-20
7.5
None Remote Low Not required Partial Partial Partial
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
20 CVE-2016-1000009 254 2016-10-06 2018-04-13
5.0
None Remote Low Not required None Partial None
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices.
21 CVE-2016-1000003 94 Exec Code 2016-10-07 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
22 CVE-2016-1000001 601 2016-10-07 2017-02-19
5.8
None Remote Medium Not required Partial Partial None
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect
23 CVE-2016-1000000 89 Sql 2016-10-06 2017-11-03
6.5
None Remote Low ??? Partial Partial Partial
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
24 CVE-2016-9118 119 Overflow 2016-10-30 2020-09-09
5.0
None Remote Low Not required None None Partial
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.
25 CVE-2016-9114 476 DoS 2016-10-30 2020-09-09
5.0
None Remote Low Not required None None Partial
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
26 CVE-2016-9113 476 DoS 2016-10-30 2020-09-09
5.0
None Remote Low Not required None None Partial
There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
27 CVE-2016-9112 369 2016-10-29 2020-09-09
5.0
None Remote Low Not required None None Partial
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
28 CVE-2016-9028 254 2016-10-28 2017-07-29
5.8
None Remote Medium Not required Partial Partial None
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
29 CVE-2016-9017 200 +Info 2016-10-28 2016-11-29
5.0
None Remote Low Not required Partial None None
Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC_dumpfunction function in the jsdump.c component.
30 CVE-2016-8878 125 Exec Code 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."
31 CVE-2016-8877 787 Exec Code Overflow 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.
32 CVE-2016-8876 125 Exec Code 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."
33 CVE-2016-8867 264 Bypass 2016-10-28 2017-07-28
5.0
None Remote Low Not required Partial None None
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
34 CVE-2016-8666 400 DoS 2016-10-16 2018-01-05
7.8
None Remote Low Not required None None Complete
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
35 CVE-2016-8658 119 DoS Overflow 2016-10-16 2017-01-07
5.6
None Local Low Not required None Partial Complete
Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.
36 CVE-2016-8600 264 2016-10-28 2016-11-28
5.0
None Remote Low Not required None Partial None
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
37 CVE-2016-8598 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.
38 CVE-2016-8597 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.
39 CVE-2016-8596 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.
40 CVE-2016-8582 89 Sql 2016-10-28 2017-09-03
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
41 CVE-2016-8580 284 Exec Code 2016-10-28 2017-09-03
7.5
None Remote Low Not required Partial Partial Partial
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
42 CVE-2016-8565 284 2016-10-13 2017-07-29
6.4
None Remote Low Not required None Partial Partial
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
43 CVE-2016-8564 89 Exec Code Sql 2016-10-13 2017-07-29
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
44 CVE-2016-8563 20 DoS 2016-10-13 2017-07-29
5.0
None Remote Low Not required None None Partial
Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.
45 CVE-2016-8503 254 2016-10-26 2016-12-02
5.0
None Remote Low Not required Partial None None
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
46 CVE-2016-8502 254 2016-10-26 2016-12-02
5.0
None Remote Low Not required Partial None None
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
47 CVE-2016-8501 264 Bypass 2016-10-26 2016-12-02
5.0
None Remote Low Not required Partial None None
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.
48 CVE-2016-8343 22 Dir. Trav. 2016-10-05 2016-12-02
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors.
49 CVE-2016-8339 119 Exec Code Overflow 2016-10-28 2018-08-08
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
50 CVE-2016-8335 119 Exec Code Overflow 2016-10-28 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability.
Total number of vulnerabilities : 441   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.