CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

  • HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

                                      2016 VULNERABILITY DATABASE

     

     

    CVE-2016-4971

    Summary: GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.

    Published: 6/30/2016 1:59:07 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 4.3 MEDIUM

     

    CVE-2016-4803

    Summary: CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

    Published: 6/30/2016 1:59:06 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-4472

    Summary: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

    Published: 6/30/2016 1:59:04 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2016-4309

    Summary: Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.

    Published: 6/30/2016 1:59:02 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 7.6 HIGH

     

    CVE-2016-3189

    Summary: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

    Published: 6/30/2016 1:59:01 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2015-8899

    Summary: Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

    Published: 6/30/2016 1:59:00 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-5840

    Summary: hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via a crafted string.

    Published: 6/30/2016 12:59:11 PM

     

    CVSS Severity: v3 - 7.2 HIGH      v2 - 9.0 HIGH

     

    CVE-2016-5729

    Summary: Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.

    Published: 6/30/2016 12:59:10 PM

     

    CVSS Severity: v3 - 6.7 MEDIUM      v2 - 6.8 MEDIUM

     

    CVE-2016-5368

    Summary: Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.

    Published: 6/30/2016 12:59:09 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

     

    CVE-2016-5249

    Summary: Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly.

    Published: 6/30/2016 12:59:08 PM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2016-5248

    Summary: The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument.

    Published: 6/30/2016 12:59:07 PM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

     

    CVE-2016-5232

    Summary: Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app.

    Published: 6/30/2016 12:59:06 PM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 7.1 HIGH

     

    CVE-2016-5231

    Summary: Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app.

    Published: 6/30/2016 12:59:05 PM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-5230

    Summary: Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app.

    Published: 6/30/2016 12:59:04 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2016-4474

    Summary: The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.

    Published: 6/30/2016 12:59:03 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 3.3 LOW

     

    CVE-2016-4086

    Summary: Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before 4.0.4.204_ove allows remote attackers to install arbitrary apps on a connected phone via unspecified vectors.

    Published: 6/30/2016 12:59:02 PM

     

    CVSS Severity: v3 - 5.3 MEDIUM      v2 - 2.9 LOW

     

    CVE-2016-4057

    Summary: Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.

    Published: 6/30/2016 12:59:01 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.8 MEDIUM

     

    CVE-2016-2141

    Summary: JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

    Published: 6/30/2016 12:59:00 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

     

    CVE-2016-0349

    Summary: IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before 8.5.7.CF201606 allows remote authenticated users to bypass intended access restrictions and update process-instance variables via a REST API call.

    Published: 6/29/2016 9:59:01 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

     

    CVE-2016-0322

    Summary: Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 through CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML by uploading an HTML document.

    Published: 6/29/2016 9:59:00 PM

     

    CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

     

     

    <<< New  Older >>>

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnrability Database

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More

      2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

      ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

       

      • s-linkedin
      • s-facebook
      • Google Metallic
      • YouTube Metallic
      • Pinterest Metallic
      • s-tbird

      © 2020  TROJAN HORSE SECURITY INC