CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1000155 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin wpsolr-search-engine v7.6
2 CVE-2016-1000154 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin whizz v1.0.7
3 CVE-2016-1000153 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tidio-gallery v1.1
4 CVE-2016-1000152 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tidio-form v1.0
5 CVE-2016-1000151 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tera-charts v1.0
6 CVE-2016-1000150 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin simplified-content v1.0.0
7 CVE-2016-1000149 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2
8 CVE-2016-1000148 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin s3-video v0.983
9 CVE-2016-1000147 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin recipes-writer v1.0.4
10 CVE-2016-1000146 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin pondol-formmail v1.1
11 CVE-2016-1000145 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin pondol-carousel v1.0
12 CVE-2016-1000144 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin photoxhibit v2.1.8
13 CVE-2016-1000143 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin photoxhibit v2.1.8
14 CVE-2016-1000142 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin parsi-font v4.2.5
15 CVE-2016-1000141 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin page-layout-builder v1.9.3
16 CVE-2016-1000140 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin new-year-firework v1.1.9
17 CVE-2016-1000139 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin infusionsoft v1.5.11
18 CVE-2016-1000138 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin indexisto v1.0.5
19 CVE-2016-1000137 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
20 CVE-2016-1000136 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin heat-trackr v1.0
21 CVE-2016-1000135 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hdw-tube v1.2
22 CVE-2016-1000134 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hdw-tube v1.2
23 CVE-2016-1000133 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
24 CVE-2016-1000132 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
25 CVE-2016-1000131 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin e-search v1.0
26 CVE-2016-1000130 79 XSS 2016-10-10 2016-10-12
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin e-search v1.0
27 CVE-2016-1000129 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin defa-online-image-protector v3.3
28 CVE-2016-1000128 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin anti-plagiarism v3.60
29 CVE-2016-1000127 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin ajax-random-post v2.00
30 CVE-2016-1000126 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin admin-font-editor v1.8
31 CVE-2016-1000114 79 XSS 2016-10-06 2016-11-28
4.3
None Remote Medium Not required None Partial None
XSS in huge IT gallery v1.1.5 for Joomla
32 CVE-2016-1000033 295 2016-10-25 2016-11-07
4.3
None Remote Medium Not required Partial None None
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
33 CVE-2016-1000007 79 XSS 2016-10-07 2016-11-07
4.3
None Remote Medium Not required None Partial None
Pagure 2.2.1 XSS in raw file endpoint
34 CVE-2016-9888 476 2016-12-08 2016-12-08
4.3
None Remote Medium Not required None None Partial
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
35 CVE-2016-9751 79 XSS 2016-12-01 2016-12-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
36 CVE-2016-9567 200 +Info 2016-11-23 2016-11-29
4.3
None Remote Medium Not required Partial None None
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
37 CVE-2016-9452 20 DoS 2016-11-25 2016-11-29
4.3
None Remote Medium Not required None None Partial
The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote attackers to cause a denial of service via a crafted URL.
38 CVE-2016-9451 601 2016-11-25 2016-11-29
4.9
None Remote Medium Single system Partial Partial None
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
39 CVE-2016-9449 200 +Info 2016-11-25 2016-11-29
4.0
None Remote Low Single system Partial None None
The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 might allow remote authenticated users to obtain sensitive information about taxonomy terms by leveraging inconsistent naming of access query tags.
40 CVE-2016-9376 399 2016-11-17 2016-11-29
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
41 CVE-2016-9375 20 2016-11-17 2016-11-29
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
42 CVE-2016-9374 119 Overflow 2016-11-17 2016-11-29
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
43 CVE-2016-9373 416 2016-11-17 2016-11-29
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
44 CVE-2016-9372 20 2016-11-17 2016-11-29
4.3
None Remote Medium Not required None None Partial
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
45 CVE-2016-9274 426 +Priv 2016-11-11 2016-12-05
4.4
None Local Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.
46 CVE-2016-9191 20 DoS 2016-11-27 2016-11-29
4.9
None Local Low Not required None None Complete
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.
47 CVE-2016-9189 190 Overflow +Info 2016-11-04 2016-11-29
4.3
None Remote Medium Not required Partial None None
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.
48 CVE-2016-9188 79 XSS 2016-11-04 2016-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.
49 CVE-2016-9185 200 +Info 2016-11-04 2016-11-29
4.0
None Remote Low Single system Partial None None
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
50 CVE-2016-9152 79 XSS 2016-12-05 2016-12-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.