CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2016(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-2509 200 +Info 2016-02-18 2016-03-23
2.9
None Local Network Medium Not required Partial None None
The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network.
2 CVE-2016-2388 200 +Info 2016-02-16 2021-04-27
5.0
None Remote Low Not required Partial None None
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
3 CVE-2016-2268 310 +Info 2016-02-08 2018-10-09
5.8
None Remote Medium Not required Partial Partial None
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
4 CVE-2016-2044 200 +Info 2016-02-20 2016-08-17
5.0
None Remote Low Not required Partial None None
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
5 CVE-2016-2042 200 +Info 2016-02-20 2018-10-30
5.0
None Remote Low Not required Partial None None
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.
6 CVE-2016-2039 200 Bypass +Info CSRF 2016-02-20 2018-10-30
5.0
None Remote Low Not required Partial None None
libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value.
7 CVE-2016-2038 200 +Info 2016-02-20 2018-10-30
5.0
None Remote Low Not required Partial None None
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.
8 CVE-2016-1730 200 +Info 2016-02-01 2016-12-06
5.8
None Remote Medium Not required Partial Partial None
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
9 CVE-2016-1728 200 +Info 2016-02-01 2018-10-09
4.3
None Remote Medium Not required Partial None None
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.
10 CVE-2016-1526 119 DoS Overflow +Info 2016-02-13 2018-01-05
5.8
None Remote Medium Not required Partial None Partial
The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
11 CVE-2016-1521 119 DoS Exec Code Overflow +Info 2016-02-13 2017-07-01
6.8
None Remote Medium Not required Partial Partial Partial
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
12 CVE-2016-1342 200 +Info 2016-02-26 2016-03-04
5.0
None Remote Low Not required Partial None None
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
13 CVE-2016-1323 200 +Info 2016-02-12 2016-02-29
4.0
None Remote Low ??? Partial None None
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
14 CVE-2016-1321 200 Bypass +Info 2016-02-15 2016-12-06
5.0
None Remote Low Not required Partial None None
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
15 CVE-2016-1319 200 +Info 2016-02-09 2016-12-06
5.0
None Remote Low Not required Partial None None
Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958.
16 CVE-2016-1317 200 +Info 2016-02-09 2016-12-06
4.0
None Remote Low ??? Partial None None
Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098.
17 CVE-2016-1316 200 +Info 2016-02-09 2016-12-06
5.0
None Remote Low Not required Partial None None
Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.
18 CVE-2016-0958 200 +Info 2016-02-10 2016-02-18
7.8
None Remote Low Not required Complete None None
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
19 CVE-2016-0956 200 +Info 2016-02-10 2018-10-09
7.8
None Remote Low Not required Complete None None
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
20 CVE-2016-0881 74 +Info 2016-02-12 2017-01-11
4.0
None Remote Low ??? Partial None None
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.
21 CVE-2016-0864 200 +Info 2016-02-13 2016-05-09
5.0
None Remote Low Not required Partial None None
Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors.
22 CVE-2016-0862 200 +Info 2016-02-05 2018-10-17
4.0
None Remote Low ??? Partial None None
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
23 CVE-2016-0811 200 Overflow Bypass +Info 2016-02-07 2016-03-14
7.8
None Remote Low Not required Complete None None
Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.
24 CVE-2016-0724 264 +Info 2016-02-22 2020-12-01
4.0
None Remote Low ??? Partial None None
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.
25 CVE-2016-0723 200 DoS +Info 2016-02-08 2016-12-06
5.6
None Local Low Not required Partial None Complete
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
26 CVE-2016-0706 200 Bypass +Info 2016-02-25 2019-04-15
4.0
None Remote Low ??? Partial None None
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
27 CVE-2016-0701 200 +Info 2016-02-15 2020-10-20
2.6
None Remote High Not required Partial None None
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
28 CVE-2016-0232 200 +Info 2016-02-15 2016-03-10
4.0
None Remote Low ??? Partial None None
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading README files.
29 CVE-2016-0231 200 +Info 2016-02-15 2016-03-10
4.0
None Remote Low ??? Partial None None
IBM Financial Transaction Manager (FTM) for ACH Services, Check Services and Corporate Payment Services (CPS) 3.0.0 before FP12 allows remote authenticated users to obtain sensitive information by reading exception details in error logs.
30 CVE-2016-0225 200 +Info 2016-02-29 2019-09-30
4.0
None Remote Low ??? Partial None None
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors.
31 CVE-2016-0080 200 Bypass +Info 2016-02-10 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."
32 CVE-2016-0059 200 +Info 2016-02-10 2018-10-12
4.3
None Remote Medium Not required Partial None None
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."
33 CVE-2016-0047 200 +Info 2016-02-10 2018-10-12
5.0
None Remote Low Not required Partial None None
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
34 CVE-2015-8629 125 DoS +Info 2016-02-13 2021-02-02
2.1
None Remote High ??? Partial None None
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
35 CVE-2015-8575 200 Bypass +Info 2016-02-08 2017-11-04
2.1
None Local Low Not required Partial None None
The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
36 CVE-2015-8488 200 +Info 2016-02-17 2016-02-22
4.3
None Remote Medium Not required Partial None None
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
37 CVE-2015-8487 200 +Info CSRF 2016-02-17 2016-02-22
2.6
None Remote High Not required Partial None None
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
38 CVE-2015-8361 284 +Info 2016-02-08 2018-10-09
6.4
None Remote Low Not required Partial Partial None
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port.
39 CVE-2015-8269 287 +Info 2016-02-04 2016-02-24
6.5
None Remote Low ??? Partial Partial Partial
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
40 CVE-2015-8148 200 +Info 2016-02-18 2016-12-06
5.0
None Remote Low Not required Partial None None
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request.
41 CVE-2015-7915 255 +Info 2016-02-06 2016-12-03
10.0
None Remote Low Not required Complete Complete Complete
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
42 CVE-2015-7680 200 +Info 2016-02-10 2016-02-18
5.0
None Remote Low Not required Partial None None
Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.
43 CVE-2015-7677 200 +Info 2016-02-10 2016-02-12
4.0
None Remote Low ??? Partial None None
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.
44 CVE-2015-7675 200 Bypass +Info 2016-02-10 2016-02-18
4.0
None Remote Low ??? Partial None None
The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID in the (1) serverFileIds parameter to mobile/sendMsg or (2) arg01 parameter to human.aspx.
45 CVE-2015-7444 200 +Info 2016-02-15 2016-03-02
5.0
None Remote Low Not required Partial None None
The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.
46 CVE-2015-5340 264 +Info 2016-02-22 2020-12-01
4.0
None Remote Low ??? Partial None None
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php.
47 CVE-2015-5339 264 +Info 2016-02-22 2020-12-01
4.0
None Remote Low ??? Partial None None
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request.
48 CVE-2015-5268 264 +Info 2016-02-22 2020-12-01
4.0
None Remote Low ??? Partial None None
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.
49 CVE-2015-5267 200 +Info 2016-02-22 2020-12-01
5.0
None Remote Low Not required Partial None None
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
50 CVE-2015-4991 200 +Info 2016-02-15 2016-03-10
2.1
None Local Low Not required Partial None None
IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.
Total number of vulnerabilities : 54   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.