
                                           2016 VULNERABILITY DATABASE

     

     

     

    CVE-2016-0359

    Summary: CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

    Published: 7/3/2016 5:59:03 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-0346

    Summary: Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

    Published: 7/3/2016 5:59:01 PM

     

    CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

     

    CVE-2016-0221

    Summary: Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in IBM Cognos Business Intelligence 10.2 before IF20, 10.2.1 before IF17, 10.2.1.1 before IF16, 10.2.2 before IF12, and 10.1.1 before IF19, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

    Published: 7/3/2016 5:59:00 PM

     

    CVSS Severity: v3 - 5.4 MEDIUM      v2 - 3.5 LOW

     

    CVE-2016-4512

    Summary: Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 and earlier allows remote attackers to execute arbitrary code via a long packet.

    Published: 7/3/2016 10:59:07 AM

     

    CVSS Severity: v3 - 7.3 HIGH      v2 - 7.5 HIGH

     

    CVE-2016-4509

    Summary: Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and earlier allows remote authenticated users to execute arbitrary code via a crafted file.

    Published: 7/3/2016 10:59:06 AM

     

    CVSS Severity: v3 - 6.0 MEDIUM      v2 - 6.0 MEDIUM

     

    CVE-2016-3989

    Summary: The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.

    Published: 7/3/2016 10:59:05 AM

     

    CVE-2016-3988

    Summary: Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.

    Published: 7/3/2016 10:59:04 AM

     

    CVE-2016-3962

    Summary: Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.

    Published: 7/3/2016 10:59:03 AM

     

    CVE-2016-1228

    Summary: Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allows remote attackers to hijack the authentication of arbitrary users.

    Published: 7/3/2016 10:59:02 AM

     

    CVE-2016-1227

    Summary: NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earlier allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

    Published: 7/3/2016 10:59:01 AM

     

    CVE-2015-5664

    Summary: Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Published: 7/3/2016 10:59:00 AM

     

    CVE-2016-5739

    Summary: The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.

    Published: 7/2/2016 9:59:25 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-5734

    Summary: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

    Published: 7/2/2016 9:59:24 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

     

    CVE-2016-5733

    Summary: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.

    Published: 7/2/2016 9:59:23 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-5732

    Summary: Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.

    Published: 7/2/2016 9:59:22 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-5731

    Summary: Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving an OpenID error message.

    Published: 7/2/2016 9:59:21 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-5730

    Summary: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.

    Published: 7/2/2016 9:59:20 PM

     

    CVSS Severity: v3 - 5.3 MEDIUM      v2 - 5.0 MEDIUM

     

    CVE-2016-5706

    Summary: js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to cause a denial of service via a large array in the scripts parameter.

    Published: 7/2/2016 9:59:18 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-5705

    Summary: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) server-privileges certificate data fields on the user privileges page, (2) an "invalid JSON" error message in the error console, (3) a database name in the central columns implementation, (4) a group name, or (5) a search name in the bookmarks implementation.

    Published: 7/2/2016 9:59:17 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-5704

    Summary: Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.

    Published: 7/2/2016 9:59:15 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

     


    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST | WASHINGTON, D.C. 20037

    Tel: 202.507.5773 | Fax: 202.507.5601 | ContactUs@TrojanHorseSecurity.com

     


    © 2020  TROJAN HORSE SECURITY INC
