| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
40451 |
CVE-2016-1196 |
264 |
|
Bypass +Info |
2016-06-19 |
2016-06-21 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. |
|
40452 |
CVE-2016-1195 |
|
|
|
2016-06-19 |
2016-06-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
|
40453 |
CVE-2016-1194 |
399 |
|
DoS |
2017-04-21 |
2017-04-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. |
|
40454 |
CVE-2016-1193 |
200 |
|
+Info |
2016-06-25 |
2016-06-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. |
|
40455 |
CVE-2016-1192 |
22 |
|
Dir. Trav. |
2016-06-19 |
2016-06-21 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. |
|
40456 |
CVE-2016-1191 |
22 |
|
Dir. Trav. |
2016-06-19 |
2016-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. |
|
40457 |
CVE-2016-1190 |
284 |
|
Bypass |
2016-06-25 |
2016-06-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. |
|
40458 |
CVE-2016-1189 |
|
|
Bypass |
2016-06-25 |
2016-06-27 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. |
|
40459 |
CVE-2016-1188 |
|
|
|
2016-06-25 |
2016-06-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
|
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. |
|
40460 |
CVE-2016-1187 |
200 |
|
+Info |
2017-04-21 |
2017-04-27 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. |
|
40461 |
CVE-2016-1186 |
295 |
|
|
2017-04-21 |
2017-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. |
|
40462 |
CVE-2016-1184 |
295 |
|
|
2017-04-21 |
2017-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. |
|
40463 |
CVE-2016-1183 |
264 |
|
Bypass |
2016-06-18 |
2016-06-23 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. |
|
40464 |
CVE-2016-1182 |
20 |
|
DoS XSS |
2016-07-04 |
2019-04-23 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. |
|
40465 |
CVE-2016-1181 |
|
|
DoS Exec Code |
2016-07-04 |
2019-04-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. |
|
40466 |
CVE-2016-1180 |
79 |
|
XSS |
2016-04-08 |
2016-04-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40467 |
CVE-2016-1179 |
79 |
|
XSS |
2017-04-12 |
2017-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. |
|
40468 |
CVE-2016-1178 |
284 |
|
|
2017-04-12 |
2017-04-20 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. |
|
40469 |
CVE-2016-1177 |
254 |
|
|
2016-04-05 |
2016-04-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
|
40470 |
CVE-2016-1176 |
119 |
|
Exec Code Overflow |
2016-04-05 |
2016-05-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. |
|
40471 |
CVE-2016-1175 |
352 |
|
CSRF |
2016-04-05 |
2016-04-06 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. |
|
40472 |
CVE-2016-1174 |
352 |
|
CSRF |
2016-04-06 |
2016-04-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. |
|
40473 |
CVE-2016-1173 |
79 |
|
XSS |
2016-04-06 |
2016-04-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40474 |
CVE-2016-1172 |
352 |
|
CSRF |
2016-04-06 |
2016-04-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. |
|
40475 |
CVE-2016-1171 |
79 |
|
XSS |
2016-04-06 |
2016-04-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40476 |
CVE-2016-1170 |
352 |
|
CSRF |
2016-04-06 |
2016-04-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. |
|
40477 |
CVE-2016-1169 |
79 |
|
XSS |
2016-04-06 |
2016-04-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40478 |
CVE-2016-1168 |
352 |
|
CSRF |
2016-04-01 |
2016-04-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. |
|
40479 |
CVE-2016-1167 |
352 |
|
CSRF |
2016-04-01 |
2016-04-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. |
|
40480 |
CVE-2016-1161 |
352 |
|
CSRF |
2017-04-20 |
2017-04-26 |
6.0 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500). |
|
40481 |
CVE-2016-1160 |
79 |
|
XSS |
2016-03-25 |
2016-03-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40482 |
CVE-2016-1158 |
352 |
|
CSRF |
2016-03-03 |
2016-03-10 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions. |
|
40483 |
CVE-2016-1157 |
79 |
|
XSS |
2016-02-23 |
2016-02-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40484 |
CVE-2016-1155 |
74 |
|
|
2017-04-13 |
2017-04-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies. |
|
40485 |
CVE-2016-1154 |
89 |
|
Exec Code Sql |
2016-02-19 |
2016-03-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
40486 |
CVE-2016-1153 |
20 |
|
DoS |
2016-02-16 |
2018-10-30 |
6.8 |
None |
Remote |
Low |
Single system |
None |
None |
Complete |
|
customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a different vulnerability than CVE-2015-8489. |
|
40487 |
CVE-2016-1152 |
264 |
|
Bypass |
2016-02-16 |
2016-02-22 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
None |
Partial |
|
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. |
|
40488 |
CVE-2016-1151 |
352 |
|
CSRF |
2016-02-16 |
2016-02-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. |
|
40489 |
CVE-2016-1150 |
79 |
|
XSS |
2016-02-16 |
2016-02-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. |
|
40490 |
CVE-2016-1149 |
79 |
|
XSS |
2016-02-16 |
2016-02-22 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150. |
|
40491 |
CVE-2016-1148 |
295 |
|
|
2017-04-21 |
2017-04-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. |
|
40492 |
CVE-2016-1145 |
22 |
|
Dir. Trav. |
2016-01-30 |
2016-03-10 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via unspecified vectors. |
|
40493 |
CVE-2016-1143 |
79 |
|
XSS |
2016-01-30 |
2016-02-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
40494 |
CVE-2016-1142 |
78 |
|
Exec Code |
2016-01-16 |
2016-01-21 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
|
40495 |
CVE-2016-1141 |
78 |
|
Exec Code |
2016-01-30 |
2016-02-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
|
40496 |
CVE-2016-1140 |
254 |
|
|
2016-01-30 |
2016-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. |
|
40497 |
CVE-2016-1139 |
352 |
|
CSRF |
2016-01-30 |
2016-02-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
|
40498 |
CVE-2016-1138 |
|
|
|
2016-01-30 |
2016-02-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. |
|
40499 |
CVE-2016-1137 |
|
|
|
2016-01-30 |
2016-02-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
|
40500 |
CVE-2016-1135 |
79 |
|
XSS |
2016-01-22 |
2016-03-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
