CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5751 CVE-2016-4885 352 CSRF 2017-05-12 2017-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5752 CVE-2016-4884 352 CSRF 2017-05-12 2017-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5753 CVE-2016-4882 352 CSRF 2017-05-12 2017-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5754 CVE-2016-4881 352 CSRF 2017-05-12 2017-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5755 CVE-2016-4879 352 CSRF 2017-05-12 2017-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5756 CVE-2016-4878 352 CSRF 2017-05-12 2017-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5757 CVE-2016-4876 352 Exec Code CSRF 2017-05-12 2017-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.
5758 CVE-2016-4871 399 DoS 2017-04-17 2017-04-20
6.8
None Remote Low Single system None None Complete
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
5759 CVE-2016-4862 20 Exec Code 2017-04-20 2017-04-26
6.5
None Remote Low Single system Partial Partial Partial
Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.
5760 CVE-2016-4854 352 CSRF 2017-05-22 2017-05-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.
5761 CVE-2016-4853 78 Exec Code 2016-09-01 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe.
5762 CVE-2016-4850 284 Exec Code 2017-04-20 2017-04-26
6.8
None Remote Medium Not required Partial Partial Partial
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.
5763 CVE-2016-4845 352 CSRF 2016-09-24 2017-02-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content.
5764 CVE-2016-4838 20 2017-05-12 2017-05-26
6.8
None Remote Medium Not required Partial Partial Partial
The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allows an attacker to execute unintended operations via a specially crafted application.
5765 CVE-2016-4828 19 2016-06-25 2016-06-27
6.4
None Remote Low Not required Partial Partial None
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
5766 CVE-2016-4825 20 Exec Code 2016-06-25 2016-06-27
6.8
None Remote Medium Not required Partial Partial Partial
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized data.
5767 CVE-2016-4820 352 CSRF 2016-06-18 2016-06-21
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users.
5768 CVE-2016-4808 352 CSRF 2017-01-11 2017-01-19
6.8
None Remote Medium Not required Partial Partial Partial
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
5769 CVE-2016-4802 264 Exec Code 2016-06-24 2016-12-30
6.9
None Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
5770 CVE-2016-4791 2016-05-26 2016-05-26
6.4
None Remote Low Not required Partial Partial None
The administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote administrators to enumerate files, read arbitrary files, and conduct server side request forgery (SSRF) attacks via unspecified vectors.
5771 CVE-2016-4787 2016-05-26 2016-05-26
6.4
None Remote Low Not required Partial None Partial
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read sensitive system authentication files in an unspecified directory via unknown vectors.
5772 CVE-2016-4779 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
5773 CVE-2016-4769 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5774 CVE-2016-4768 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4767.
5775 CVE-2016-4767 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766, and CVE-2016-4768.
5776 CVE-2016-4766 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4767, and CVE-2016-4768.
5777 CVE-2016-4765 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
5778 CVE-2016-4764 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5779 CVE-2016-4762 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
5780 CVE-2016-4759 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4765, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
5781 CVE-2016-4728 20 Exec Code 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
5782 CVE-2016-4692 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5783 CVE-2016-4691 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
5784 CVE-2016-4688 119 DoS Exec Code Overflow 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font.
5785 CVE-2016-4683 119 DoS Exec Code Overflow 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file.
5786 CVE-2016-4681 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-02-21
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "Core Image" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
5787 CVE-2016-4677 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5788 CVE-2016-4673 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file.
5789 CVE-2016-4667 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ATS" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font.
5790 CVE-2016-4666 119 DoS Exec Code Overflow Mem. Corr. 2017-02-20 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
5791 CVE-2016-4657 119 DoS Exec Code Overflow Mem. Corr. 2016-08-25 2018-06-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
5792 CVE-2016-4637 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.
5793 CVE-2016-4633 264 DoS Exec Code Mem. Corr. 2016-07-21 2017-08-31
6.9
None Local Medium Not required Complete Complete Complete
Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
5794 CVE-2016-4631 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
5795 CVE-2016-4630 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.
5796 CVE-2016-4624 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.
5797 CVE-2016-4623 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.
5798 CVE-2016-4622 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
5799 CVE-2016-4611 119 DoS Exec Code Overflow Mem. Corr. 2016-09-25 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
5800 CVE-2016-4602 119 DoS Exec Code Overflow Mem. Corr. 2016-07-21 2017-08-31
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.