Total
309233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10774 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). | |||||
| CVE-2016-10773 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | |||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
| CVE-2016-10771 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | |||||
| CVE-2016-10770 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | |||||
| CVE-2016-10769 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). | |||||
| CVE-2016-10768 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). | |||||
| CVE-2016-10767 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | |||||
| CVE-2016-10766 | 1 Edx | 1 Edx-platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| edx-platform before 2016-06-06 allows CSRF. | |||||
| CVE-2016-10765 | 1 Edx | 1 Edx-platform | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| edx-platform before 2016-06-10 allows account activation with a spoofed e-mail address. | |||||
| CVE-2016-10764 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. | |||||
| CVE-2016-10763 | 1 Automattic | 1 Camptix Event Ticketing | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. | |||||
| CVE-2016-10762 | 1 Automattic | 1 Camptix Event Ticketing | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | |||||
| CVE-2016-10761 | 1 Logitech | 10 K360, K360 Firmware, K400r and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. | |||||
| CVE-2016-10760 | 1 Seowonintech | 8 Swr-300a, Swr-300a Firmware, Swr-300b and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. | |||||
| CVE-2016-10759 | 1 Precurio | 1 Precurio | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Xinha plugin in Precurio 2.1 allows Directory Traversal, with resultant arbitrary code execution, via ExtendedFileManager/Classes/ExtendedFileManager.php because ExtendedFileManager can be used to rename the .htaccess file that blocks .php uploads. | |||||
| CVE-2016-10758 | 1 Phpkit | 1 Phpkit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter. | |||||
| CVE-2016-10757 | 1 Readaxo | 1 Readaxo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php. | |||||
| CVE-2016-10756 | 1 Kliqqi | 1 Kliqqi Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself. | |||||
| CVE-2016-10755 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| AbanteCart 1.2.8 allows SQL Injection via the source_language parameter to admin/controller/pages/localisation/language.php and core/lib/language_manager.php, or via POST data to admin/controller/pages/tool/backup.php and admin/model/tool/backup.php. | |||||