
                                         2016 VULNERABILITY DATABASE

     

     

     

    CVE-2016-0277

    Summary: Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301.

    Published: 6/26/2016 10:59:02 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2016-0259

    Summary: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands.

    Published: 6/26/2016 10:59:01 AM

     

    CVSS Severity: v3 - 2.5 LOW      v2 - 2.1 LOW

     

    CVE-2015-7473

    Summary: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.

    Published: 6/26/2016 10:59:00 AM

     

    CVSS Severity: v3 - 2.5 LOW      v2 - 2.1 LOW

     

    CVE-2016-5087

    Summary: Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations.

    Published: 6/25/2016 9:59:04 PM

     

    CVE-2016-4513

    Summary: Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Published: 6/25/2016 9:59:03 PM

     

    CVE-2016-2901

    Summary: Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

    Published: 6/25/2016 9:59:02 PM

     

    CVE-2015-7988

    Summary: The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.

    Published: 6/25/2016 9:59:01 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

     

    CVE-2015-7987

    Summary: Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

    Published: 6/25/2016 9:59:00 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 6.8 MEDIUM

     

    CVE-2016-4828

    Summary: The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.

    Published: 6/25/2016 5:59:10 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.4 MEDIUM

     

    CVE-2016-4827

    Summary: Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4826.

    Published: 6/25/2016 5:59:09 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-4826

    Summary: Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-4827.

    Published: 6/25/2016 5:59:08 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-4825

    Summary: The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.

    Published: 6/25/2016 5:59:07 PM

     

    CVSS Severity: v3 - 5.6 MEDIUM      v2 - 6.8 MEDIUM

     

    CVE-2016-4824

    Summary: The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.

    Published: 6/25/2016 5:59:06 PM

     

    CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

     

    CVE-2016-4823

    Summary: Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.

    Published: 6/25/2016 5:59:05 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

     

    CVE-2016-4822

    Summary: Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors.

    Published: 6/25/2016 5:59:04 PM

     

    CVSS Severity: v3 - 8.0 HIGH      v2 - 5.2 MEDIUM

     

    CVE-2016-1193

    Summary: Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

    Published: 6/25/2016 5:59:03 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-1190

    Summary: Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

    Published: 6/25/2016 5:59:02 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

     

    CVE-2016-1189

    Summary: Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

    Published: 6/25/2016 5:59:01 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 5.5 MEDIUM

     

    CVE-2016-1188

    Summary: Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

    Published: 6/25/2016 5:59:00 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

     

    CVE-2016-4528

    Summary: Buffer overflow in Advantech WebAccess before 8.1_20160519 allows local users to cause a denial of service via a crafted DLL file.

    Published: 6/24/2016 9:59:02 PM

     

    CVSS Severity: v3 - 5.0 MEDIUM      v2 - 4.3 MEDIUM

     

     


     


    © 2020  TROJAN HORSE SECURITY INC
