• HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

    CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

                                         2016 VULNERABILITY DATABASE

     

     

    CVE-2016-1182

    Summary: ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.

    Published: 7/4/2016 6:59:02 PM

     

    CVSS Severity: v3 - 8.2 HIGH      v2 - 6.4 MEDIUM

     

    CVE-2016-1181

    Summary: ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

    Published: 7/4/2016 6:59:01 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2015-0899

    Summary: The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.

    Published: 7/4/2016 6:59:00 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2016-5849

    Summary: Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.

    Published: 7/4/2016 12:59:02 PM

     

    CVE-2016-5848

    Summary: Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

    Published: 7/4/2016 12:59:01 PM

     

    CVE-2016-0899

    Summary: EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.

    Published: 7/4/2016 12:59:00 PM

     

    CVE-2016-6130

    Summary: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a "double fetch" vulnerability.

    Published: 7/3/2016 5:59:18 PM

     

    CVSS Severity: v3 - 4.7 MEDIUM      v2 - 1.9 LOW

     

    CVE-2016-4998

    Summary: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.

    Published: 7/3/2016 5:59:17 PM

     

    CVSS Severity: v3 - 7.1 HIGH      v2 - 5.6 MEDIUM

     

    CVE-2016-4997

    Summary: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.

    Published: 7/3/2016 5:59:16 PM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2016-3955

    Summary: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet.

    Published: 7/3/2016 5:59:15 PM

     

    CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

     

    CVE-2016-2894

    Summary: IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging previous use of a symlink during archive and retrieve actions.

    Published: 7/3/2016 5:59:14 PM

     

    CVE-2016-2863

    Summary: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

    Published: 7/3/2016 5:59:12 PM

     

    CVSS Severity: v3 - 8.0 HIGH      v2 - 6.0 MEDIUM

     

    CVE-2016-2862

    Summary: Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

    Published: 7/3/2016 5:59:11 PM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-2074

    Summary: Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x and 2.3.x before 2.3.3 and 2.4.x before 2.4.1 allows remote attackers to execute arbitrary code via crafted MPLS packets, as demonstrated by a long string in an ovs-appctl command.

    Published: 7/3/2016 5:59:10 PM

     

    CVE-2016-1704

    Summary: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

    Published: 7/3/2016 5:59:09 PM

     

    CVSS Severity: v3 - 8.8 HIGH      v2 - 6.8 MEDIUM

     

    CVE-2016-1425

    Summary: Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S allows remote attackers to cause a denial of service (device crash) via a crafted LLDP packet, aka Bug ID CSCun66735.

    Published: 7/3/2016 5:59:08 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.1 MEDIUM

     

    CVE-2016-1398

    Summary: Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware through 1.2.1.4, RV130W devices with firmware through 1.0.2.7, and RV215W devices with firmware through 1.3.0.7 allows remote authenticated users to cause a denial of service (device reload) via a crafted HTTP request, aka Bug ID CSCux86669.

    Published: 7/3/2016 5:59:07 PM

     

    CVSS Severity: v3 - 6.5 MEDIUM      v2 - 6.8 MEDIUM

     

    CVE-2016-1337

    Summary: Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.

    Published: 7/3/2016 5:59:06 PM

     

    CVSS Severity: v3 - 8.1 HIGH      v2 - 4.3 MEDIUM

     

    CVE-2016-1336

    Summary: goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.

    Published: 7/3/2016 5:59:05 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

     

    CVE-2016-1328

    Summary: goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.

    Published: 7/3/2016 5:59:04 PM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

     

     

    <<< New  Older >>>

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

    ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

     

    • s-linkedin
    • s-facebook
    • Google Metallic
    • YouTube Metallic
    • Pinterest Metallic
    • s-tbird

    © 2020  TROJAN HORSE SECURITY INC

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More