CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3351 CVE-2016-10823 20 Exec Code 2019-08-01 2019-08-07
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
3352 CVE-2016-10820 284 2019-08-01 2019-08-05
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
3353 CVE-2016-10817 89 Sql 2019-08-01 2019-08-05
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
3354 CVE-2016-10812 20 2019-08-07 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
3355 CVE-2016-10811 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
3356 CVE-2016-10810 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
3357 CVE-2016-10809 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
3358 CVE-2016-10808 20 2019-08-07 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
3359 CVE-2016-10788 20 Exec Code 2019-08-06 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
3360 CVE-2016-10760 77 2019-06-11 2019-06-12
10.0
None Remote Low Not required Complete Complete Complete
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter.
3361 CVE-2016-10709 78 Exec Code 2018-01-21 2018-02-09
9.0
None Remote Low Single system Complete Complete Complete
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
3362 CVE-2016-10698 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3363 CVE-2016-10697 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3364 CVE-2016-10696 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3365 CVE-2016-10695 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3366 CVE-2016-10694 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3367 CVE-2016-10693 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3368 CVE-2016-10692 310 Exec Code 2018-06-04 2018-07-11
9.3
None Remote Medium Not required Complete Complete Complete
haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3369 CVE-2016-10691 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3370 CVE-2016-10690 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3371 CVE-2016-10689 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3372 CVE-2016-10688 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3373 CVE-2016-10687 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3374 CVE-2016-10686 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3375 CVE-2016-10685 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3376 CVE-2016-10684 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3377 CVE-2016-10683 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3378 CVE-2016-10682 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3379 CVE-2016-10681 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3380 CVE-2016-10679 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3381 CVE-2016-10678 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
serc.js is a Selenium RC process wrapper serc.js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3382 CVE-2016-10677 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
google-closure-tools-latest is a Node.js module wrapper for downloading the latest version of the Google Closure tools google-closure-tools-latest downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3383 CVE-2016-10676 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
rs-brightcove is a wrapper around brightcove's web api rs-brightcove downloads source file resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3384 CVE-2016-10675 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
libsbmlsim is a module that installs linux binaries for libsbmlsim libsbmlsim downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3385 CVE-2016-10674 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3386 CVE-2016-10672 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3387 CVE-2016-10671 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3388 CVE-2016-10670 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
windows-seleniumjar-mirror downloads the Selenium Jar file windows-seleniumjar-mirror downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3389 CVE-2016-10669 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
soci downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3390 CVE-2016-10668 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
libsbml is a module that installs Linux binaries for libSBML libsbml downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3391 CVE-2016-10667 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
selenium-portal is a Selenium Testing Framework selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3392 CVE-2016-10666 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3393 CVE-2016-10665 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
herbivore is a packet sniffing and crafting library. Built on libtins herbivore 0.0.3 and below download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3394 CVE-2016-10664 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3395 CVE-2016-10663 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3396 CVE-2016-10662 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
tomita is a node wrapper for Yandex Tomita Parser tomita downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3397 CVE-2016-10661 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3398 CVE-2016-10660 310 Exec Code 2018-06-04 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3399 CVE-2016-10659 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3400 CVE-2016-10658 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.