CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2016(Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1000031 284 Exec Code 2016-10-25 2017-11-02
7.5
None Remote Low Not required Partial Partial Partial
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
2 CVE-2016-1000003 94 Exec Code 2016-10-07 2016-12-22
7.5
None Remote Low Not required Partial Partial Partial
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.
3 CVE-2016-10082 284 Exec Code File Inclusion 2016-12-30 2017-01-03
7.5
None Remote Low Not required Partial Partial Partial
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
4 CVE-2016-10081 19 Exec Code 2016-12-29 2017-08-31
9.3
None Remote Medium Not required Complete Complete Complete
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
5 CVE-2016-10074 77 Exec Code 2016-12-30 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
6 CVE-2016-10072 264 Exec Code 2016-12-27 2016-12-28
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer."
7 CVE-2016-10045 77 Exec Code 2016-12-30 2017-09-02
7.5
None Remote Low Not required Partial Partial Partial
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
8 CVE-2016-10034 77 Exec Code 2016-12-30 2017-09-02
7.5
None Remote Low Not required Partial Partial Partial
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
9 CVE-2016-10033 77 Exec Code 2016-12-30 2017-09-02
7.5
None Remote Low Not required Partial Partial Partial
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
10 CVE-2016-10031 264 Exec Code 2016-12-27 2016-12-30
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer."
11 CVE-2016-9951 284 Exec Code 2016-12-16 2017-01-06
4.3
None Remote Medium Not required None None Partial
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
12 CVE-2016-9949 94 Exec Code 2016-12-16 2017-01-06
9.3
Admin Remote Medium Not required Complete Complete Complete
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
13 CVE-2016-9942 119 DoS Exec Code Overflow 2016-12-31 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
14 CVE-2016-9941 119 DoS Exec Code Overflow 2016-12-31 2017-06-30
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area.
15 CVE-2016-9920 284 Exec Code 2016-12-08 2017-06-30
6.0
None Remote Medium Single system Partial Partial Partial
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.
16 CVE-2016-9854 200 Exec Code +Info 2016-12-10 2017-06-30
5.0
None Remote Low Not required Partial None None
An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.
17 CVE-2016-9832 74 Exec Code 2016-12-09 2016-12-27
6.5
None Remote Low Single system Partial Partial Partial
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
18 CVE-2016-9796 264 Exec Code Bypass 2016-12-03 2017-09-02
10.0
None Remote Low Not required Complete Complete Complete
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."
19 CVE-2016-9675 119 Exec Code Overflow 2016-12-22 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
20 CVE-2016-9429 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
21 CVE-2016-9428 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
22 CVE-2016-9427 190 DoS Exec Code Overflow 2016-12-11 2017-01-06
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
23 CVE-2016-9426 190 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.
24 CVE-2016-9425 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
25 CVE-2016-9424 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.
26 CVE-2016-9423 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
27 CVE-2016-9422 119 DoS Exec Code Overflow 2016-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.
28 CVE-2016-9268 434 Exec Code 2016-11-10 2016-11-29
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors.
29 CVE-2016-9242 89 Exec Code Sql 2016-11-07 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter.
30 CVE-2016-9190 284 Exec Code 2016-11-04 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
31 CVE-2016-9187 434 Exec Code 2016-11-04 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
32 CVE-2016-9186 434 Exec Code 2016-11-04 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
33 CVE-2016-9176 119 Exec Code Overflow 2016-11-03 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.
34 CVE-2016-9157 20 DoS Exec Code 2016-12-05 2017-06-12
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
35 CVE-2016-9150 119 Exec Code Overflow 2016-11-19 2017-09-02
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.
36 CVE-2016-8908 89 Exec Code Sql 2016-11-14 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
37 CVE-2016-8907 89 Exec Code Sql 2016-11-14 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
38 CVE-2016-8906 89 Exec Code Sql 2016-11-14 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
39 CVE-2016-8905 89 Exec Code Sql 2016-11-14 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
40 CVE-2016-8904 89 Exec Code Sql 2016-11-14 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
41 CVE-2016-8903 89 Exec Code Sql 2016-11-14 2016-11-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
42 CVE-2016-8902 89 Exec Code Sql 2016-11-14 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.
43 CVE-2016-8878 125 Exec Code 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedded in the XFA stream in a PDF document, aka "Data from Faulting Address may be used as a return value starting at FOXITREADER."
44 CVE-2016-8877 787 Exec Code Overflow 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded in a PDF document, aka a "corrupted suffix pattern" issue.
45 CVE-2016-8876 125 Exec Code 2016-10-31 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF image embedded in the XFA stream in a PDF document, aka "Read Access Violation starting at FoxitReader."
46 CVE-2016-8856 275 Exec Code 2016-10-31 2017-07-28
4.6
None Local Low Not required Partial Partial Partial
Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbitrary code. After the installation, Foxit Reader's core files were world-writable by default, allowing an attacker to overwrite them with backdoor code, which when executed by privileged user would result in Privilege Escalation, Code Execution, or both.
47 CVE-2016-8707 787 Exec Code 2016-12-23 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular circumstances could be leveraged into remote code execution. The vulnerability can be triggered through any user controlled TIFF that is handled by this functionality.
48 CVE-2016-8633 119 Exec Code Overflow 2016-11-27 2016-11-28
6.2
None Local High Not required Complete Complete Complete
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
49 CVE-2016-8598 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.
50 CVE-2016-8597 119 Exec Code Overflow 2016-10-28 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.
Total number of vulnerabilities : 1494   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.