| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
5051 |
CVE-2016-7070 |
264 |
|
+Priv |
2018-09-11 |
2018-11-09 |
5.2 |
None |
Local Network |
Low |
Single system |
Partial |
Partial |
Partial |
|
A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database. |
|
5052 |
CVE-2016-7054 |
284 |
|
|
2017-05-04 |
2017-09-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. |
|
5053 |
CVE-2016-7053 |
476 |
|
|
2017-05-04 |
2017-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. |
|
5054 |
CVE-2016-7052 |
476 |
|
DoS |
2016-09-26 |
2018-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. |
|
5055 |
CVE-2016-7051 |
611 |
|
|
2017-04-14 |
2017-09-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. |
|
5056 |
CVE-2016-7045 |
119 |
|
DoS Overflow |
2016-09-27 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. |
|
5057 |
CVE-2016-7044 |
119 |
|
DoS Overflow |
2016-09-27 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. |
|
5058 |
CVE-2016-7038 |
640 |
|
|
2017-01-20 |
2017-01-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. |
|
5059 |
CVE-2016-7037 |
361 |
|
|
2017-01-23 |
2017-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack. |
|
5060 |
CVE-2016-7030 |
255 |
|
DoS |
2017-08-28 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on. |
|
5061 |
CVE-2016-6936 |
200 |
|
+Info |
2016-09-16 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent. |
|
5062 |
CVE-2016-6920 |
119 |
|
DoS Overflow |
2017-01-23 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. |
|
5063 |
CVE-2016-6908 |
601 |
|
|
2017-01-26 |
2017-01-27 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as "/", "?" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character. |
|
5064 |
CVE-2016-6896 |
22 |
|
DoS Dir. Trav. |
2017-01-18 |
2017-09-02 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool. |
|
5065 |
CVE-2016-6892 |
416 |
|
DoS XSS |
2017-01-05 |
2017-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate. |
|
5066 |
CVE-2016-6891 |
125 |
|
DoS XSS |
2017-01-05 |
2017-01-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ASN.1 Bit Field primitive in an X.509 certificate. |
|
5067 |
CVE-2016-6886 |
320 |
|
DoS XSS |
2017-01-13 |
2017-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. |
|
5068 |
CVE-2016-6885 |
416 |
|
DoS XSS |
2017-01-13 |
2017-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. |
|
5069 |
CVE-2016-6879 |
320 |
|
|
2017-04-10 |
2017-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The X509_Certificate::allowed_usage function in botan 1.11.x before 1.11.31 might allow attackers to have unspecified impact by leveraging a call with more than one Key_Usage set in the enum value. |
|
5070 |
CVE-2016-6876 |
399 |
|
DoS |
2016-09-07 |
2016-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP Analytics 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP DNS 12.0.0 before HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 10.2.1 through 10.2.4 and 11.2.1; BIG-IP GTM 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1; and BIG-IP PSM 10.2.1 through 10.2.4 and 11.4.0 through 11.4.1 allows remote DNS servers to cause a denial of service (CPU consumption or Traffic Management Microkernel crash) via a crafted PTR response. |
|
5071 |
CVE-2016-6866 |
476 |
|
Bypass |
2017-02-15 |
2017-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash. |
|
5072 |
CVE-2016-6855 |
787 |
|
DoS |
2016-09-07 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, and 3.20.x before 3.20.4, when used with glib before 2.44.1, allow remote attackers to cause a denial of service (out-of-bounds write and crash) via vectors involving passing invalid UTF-8 to GMarkup. |
|
5073 |
CVE-2016-6831 |
400 |
|
DoS |
2017-01-10 |
2017-01-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). |
|
5074 |
CVE-2016-6825 |
285 |
|
|
2016-09-07 |
2016-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, and RH2288H V3 servers with software before V100R003C00SPC515 allow remote attackers to obtain passwords via a brute-force attack, related to "lack of authentication protection mechanisms." |
|
5075 |
CVE-2016-6823 |
190 |
|
DoS Overflow |
2017-01-18 |
2017-01-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write. |
|
5076 |
CVE-2016-6820 |
200 |
|
+Info |
2017-01-11 |
2017-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MetroCluster Tiebreaker for clustered Data ONTAP in versions before 1.2 discloses sensitive information in cleartext which may be viewed by an unauthenticated user. |
|
5077 |
CVE-2016-6817 |
119 |
|
DoS Overflow |
2017-08-10 |
2018-06-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. |
|
5078 |
CVE-2016-6802 |
284 |
|
Bypass |
2016-09-20 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path. |
|
5079 |
CVE-2016-6799 |
532 |
|
|
2017-05-09 |
2017-05-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications. |
|
5080 |
CVE-2016-6797 |
284 |
|
|
2017-08-10 |
2018-06-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. |
|
5081 |
CVE-2016-6796 |
254 |
|
Bypass |
2017-08-10 |
2018-06-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. |
|
5082 |
CVE-2016-6794 |
200 |
|
Bypass +Info |
2017-08-10 |
2018-06-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. |
|
5083 |
CVE-2016-6723 |
284 |
|
DoS |
2016-11-25 |
2016-12-21 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Android ID: A-30100884. |
|
5084 |
CVE-2016-6670 |
200 |
|
+Info |
2016-09-07 |
2016-09-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Huawei S7700, S9300, S9700, and S12700 devices with software before V200R008C00SPC500 use random numbers with insufficient entropy to generate self-signed certificates, which makes it easier for remote attackers to discover private keys by leveraging knowledge of a certificate. |
|
5085 |
CVE-2016-6668 |
200 |
|
+Info |
2017-01-23 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. |
|
5086 |
CVE-2016-6657 |
601 |
|
|
2016-12-16 |
2016-12-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later. |
|
5087 |
CVE-2016-6653 |
200 |
|
+Info |
2016-10-06 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials. |
|
5088 |
CVE-2016-6644 |
264 |
|
|
2016-09-17 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. |
|
5089 |
CVE-2016-6642 |
352 |
|
CSRF |
2016-09-17 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. |
|
5090 |
CVE-2016-6639 |
254 |
|
+Info |
2016-09-17 |
2018-08-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products, place the .profile file in the htdocs directory, which might allow remote attackers to obtain sensitive information via an HTTP GET request for this file. |
|
5091 |
CVE-2016-6636 |
601 |
|
|
2016-09-29 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. |
|
5092 |
CVE-2016-6627 |
200 |
|
+Info |
2016-12-10 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in phpMyAdmin. An attacker can determine the phpMyAdmin host location through the file url.php. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
|
5093 |
CVE-2016-6626 |
254 |
|
|
2016-12-10 |
2017-06-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
|
5094 |
CVE-2016-6621 |
918 |
|
|
2017-01-31 |
2018-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. |
|
5095 |
CVE-2016-6611 |
89 |
|
Sql |
2016-12-10 |
2017-06-30 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
|
5096 |
CVE-2016-6606 |
310 |
|
|
2016-12-10 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. |
|
5097 |
CVE-2016-6605 |
284 |
|
Bypass |
2017-04-10 |
2017-04-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization. |
|
5098 |
CVE-2016-6603 |
20 |
|
Bypass |
2017-01-23 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. |
|
5099 |
CVE-2016-6602 |
327 |
|
|
2017-01-23 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit. |
|
5100 |
CVE-2016-6601 |
22 |
|
Dir. Trav. |
2017-01-23 |
2018-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. |
