irc://irc.y0m4m4.com/ Radio Puke.World Wiki OOO
CVE List 2016 (page: 1)
2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999
| Name | Description |
|---|---|
| CVE-2016-5300 | [Updated 2021-07-31] The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an [...] |
| CVE-2016-4472 | [Updated 2021-07-31] The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via [...] |
| CVE-2016-0718 | [Updated 2021-07-31] Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. |
| CVE-2016-3189 | [Updated 2021-07-29] Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the [...] |
| CVE-2016-1000352 | In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. |
| CVE-2016-1000346 | In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other [...] |
| CVE-2016-1000345 | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, [...] |
| CVE-2016-1000344 | In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. |
| CVE-2016-1000343 | In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly [...] |
| CVE-2016-1000342 | In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up [...] |
| CVE-2016-1000341 | In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of [...] |
| CVE-2016-1000340 | In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed [...] |
| CVE-2016-1000339 | In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if [...] |
| CVE-2016-1000338 | In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up [...] |
| CVE-2016-1000307 | Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, [...] |
| CVE-2016-1000282 | Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. |
| CVE-2016-1000271 | Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack [...] |
| CVE-2016-1000237 | sanitize-html before 1.4.3 has XSS. |
| CVE-2016-1000236 | Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. |
| CVE-2016-1000232 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable [...] |
| CVE-2016-1000229 | swagger-ui has XSS in key names |
| CVE-2016-1000222 | Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. |
| CVE-2016-1000221 | Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. |
| CVE-2016-1000220 | Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. |
| CVE-2016-1000219 | Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions [...] |
| CVE-2016-1000218 | Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a [...] |
| CVE-2016-1000217 | Zotpress plugin for WordPress SQLi in zp_get_account() |
| CVE-2016-1000216 | Ruckus Wireless H500 web management interface authenticated command injection |
| CVE-2016-1000215 | Ruckus Wireless H500 web management interface denial of service |
| CVE-2016-1000214 | Ruckus Wireless H500 web management interface authentication bypass |
| CVE-2016-1000213 | Ruckus Wireless H500 web management interface CSRF |
| CVE-2016-1000156 | Mailcwp remote file upload vulnerability incomplete fix v1.100 |
| CVE-2016-1000155 | Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 |
| CVE-2016-1000154 | Reflected XSS in wordpress plugin whizz v1.0.7 |
| CVE-2016-1000153 | Reflected XSS in wordpress plugin tidio-gallery v1.1 |
| CVE-2016-1000152 | Reflected XSS in wordpress plugin tidio-form v1.0 |
| CVE-2016-1000151 | Reflected XSS in wordpress plugin tera-charts v1.0 |
| CVE-2016-1000150 | Reflected XSS in wordpress plugin simplified-content v1.0.0 |
| CVE-2016-1000149 | Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 |
| CVE-2016-1000148 | Reflected XSS in wordpress plugin s3-video v0.983 |
| CVE-2016-1000147 | Reflected XSS in wordpress plugin recipes-writer v1.0.4 |
| CVE-2016-1000146 | Reflected XSS in wordpress plugin pondol-formmail v1.1 |
| CVE-2016-1000145 | Reflected XSS in wordpress plugin pondol-carousel v1.0 |
| CVE-2016-1000144 | Reflected XSS in wordpress plugin photoxhibit v2.1.8 |
| CVE-2016-1000143 | Reflected XSS in wordpress plugin photoxhibit v2.1.8 |
| CVE-2016-1000142 | Reflected XSS in wordpress plugin parsi-font v4.2.5 |
| CVE-2016-1000141 | Reflected XSS in wordpress plugin page-layout-builder v1.9.3 |
| CVE-2016-1000140 | Reflected XSS in wordpress plugin new-year-firework v1.1.9 |
| CVE-2016-1000139 | Reflected XSS in wordpress plugin infusionsoft v1.5.11 |
| CVE-2016-1000138 | Reflected XSS in wordpress plugin indexisto v1.0.5 |
| CVE-2016-1000137 | Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 |
| CVE-2016-1000136 | Reflected XSS in wordpress plugin heat-trackr v1.0 |
| CVE-2016-1000135 | Reflected XSS in wordpress plugin hdw-tube v1.2 |
| CVE-2016-1000134 | Reflected XSS in wordpress plugin hdw-tube v1.2 |
| CVE-2016-1000133 | Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 |
| CVE-2016-1000132 | Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 |
| CVE-2016-1000131 | Reflected XSS in wordpress plugin e-search v1.0 |
| CVE-2016-1000130 | Reflected XSS in wordpress plugin e-search v1.0 |
| CVE-2016-1000129 | Reflected XSS in wordpress plugin defa-online-image-protector v3.3 |
| CVE-2016-1000128 | Reflected XSS in wordpress plugin anti-plagiarism v3.60 |
| CVE-2016-1000127 | Reflected XSS in wordpress plugin ajax-random-post v2.00 |
| CVE-2016-1000126 | Reflected XSS in wordpress plugin admin-font-editor v1.8 |
| CVE-2016-1000125 | Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla |
| CVE-2016-1000124 | Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 |
| CVE-2016-1000123 | Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla |
| CVE-2016-1000122 | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
| CVE-2016-1000121 | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension |
| CVE-2016-1000120 | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla |
| CVE-2016-1000119 | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla |
| CVE-2016-1000118 | XSS & SQLi in HugeIT slideshow v1.0.4 |
| CVE-2016-1000117 | XSS & SQLi in HugeIT slideshow v1.0.4 |
| CVE-2016-1000116 | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS |
| CVE-2016-1000115 | Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS |
| CVE-2016-1000114 | XSS in huge IT gallery v1.1.5 for Joomla |
| CVE-2016-1000113 | XSS and SQLi in huge IT gallery v1.1.5 for Joomla |
| CVE-2016-1000112 | Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin |
| CVE-2016-1000111 | Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the [...] |
| CVE-2016-1000110 | The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests. |
| CVE-2016-1000109 | HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment [...] |
| CVE-2016-1000108 | yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY [...] |
| CVE-2016-1000107 | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, [...] |
| CVE-2016-1000104 | A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. |
| CVE-2016-1000037 | Pagure: XSS possible in file attachment endpoint |
| CVE-2016-1000033 | Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. |
| CVE-2016-1000032 | TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. |
| CVE-2016-1000031 | Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution |
| CVE-2016-1000030 | Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can [...] |
| CVE-2016-1000029 | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269). |
| CVE-2016-1000028 | Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198). |
| CVE-2016-1000027 | Pivotal Spring Framework 4.1.4 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a [...] |
| CVE-2016-1000009 | TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. |
| CVE-2016-1000007 | Pagure 2.2.1 XSS in raw file endpoint |
| CVE-2016-1000006 | hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. |
| CVE-2016-1000005 | mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to [...] |
| CVE-2016-1000004 | Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 [...] |
| CVE-2016-1000003 | Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code. |
| CVE-2016-1000002 | gdm3 3.14.2 and possibly later has an information leak before screen lock |
| CVE-2016-1000001 | flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect |
| CVE-2016-1000000 | Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection |
| CVE-2016-20011 | libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the [...] |
| CVE-2016-20010 | EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5. |
| CVE-2016-20009 | ** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no [...] |
| CVE-2016-20008 | The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-20007 | The REST/JSON project 7.x-1.x for Drupal allows session name guessing, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-20006 | The REST/JSON project 7.x-1.x for Drupal allows blockage of user logins, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-20005 | The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-20004 | The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-20003 | The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-20002 | The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-20001 | The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. |
| CVE-2016-11086 | lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof [...] |
| CVE-2016-11085 | php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js [...] |
| CVE-2016-11084 | An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. |
| CVE-2016-11083 | An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. |
| CVE-2016-11082 | An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. |
| CVE-2016-11081 | An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. |
| CVE-2016-11080 | An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. |
| CVE-2016-11079 | An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. |
| CVE-2016-11078 | An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. |
| CVE-2016-11077 | An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. |
| CVE-2016-11076 | An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. |
| CVE-2016-11075 | An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. |
| CVE-2016-11074 | An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. |
| CVE-2016-11073 | An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. |
| CVE-2016-11072 | An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. |
| CVE-2016-11071 | An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. |
| CVE-2016-11070 | An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. |
| CVE-2016-11069 | An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. |
| CVE-2016-11068 | An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection. |
| CVE-2016-11067 | An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. |
| CVE-2016-11066 | An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information. |
| CVE-2016-11065 | An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance. |
| CVE-2016-11064 | An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection. |
| CVE-2016-11063 | An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. |
| CVE-2016-11062 | An issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed. |
| CVE-2016-11061 | Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the [...] |
| CVE-2016-11060 | Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10. |
| CVE-2016-11059 | Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, [...] |
| CVE-2016-11058 | The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs. |
| CVE-2016-11057 | Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, [...] |
| CVE-2016-11056 | Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier. |
| CVE-2016-11055 | Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 [...] |
| CVE-2016-11054 | NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory. |
| CVE-2016-11053 | An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January [...] |
| CVE-2016-11052 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is [...] |
| CVE-2016-11050 | An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is [...] |
| CVE-2016-11049 | An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key [...] |
| CVE-2016-11048 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March [...] |
| CVE-2016-11047 | An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. [...] |
| CVE-2016-11046 | An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software. Because of a misused whitelist, attackers can reach the radio layer (aka RIL or RILD) to place calls [...] |
| CVE-2016-11045 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. The Gallery library allow memory corruption via a malformed image. The Samsung ID is SVE-2016-5317 (May 2016). |
| CVE-2016-11044 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. The check of an application's signature can be bypassed during installation. The [...] |
| CVE-2016-11043 | An issue was discovered on Samsung mobile devices with M(6.0) software. The S/MIME implementation in EAS uses DES (where 3DES is intended). The Samsung ID is SVE-2016-5871 (June 2016). |
| CVE-2016-11042 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. There is a SIM Lock bypass. The Samsung ID is SVE-2016-5381 (June 2016). |
| CVE-2016-11041 | An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016). |
| CVE-2016-11040 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 [...] |
| CVE-2016-11039 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket [...] |
| CVE-2016-11038 | An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for [...] |
| CVE-2016-11036 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). |
| CVE-2016-11035 | An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets). A local graphics user can cause a Kernel Crash via the fb0(DECON) frame buffer interface. The [...] |
| CVE-2016-11034 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. The decode function in Qjpeg in Qt 5.7 allows attackers to trigger a system crash via a malformed image. The [...] |
| CVE-2016-11033 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016). |
| CVE-2016-11032 | An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and [...] |
| CVE-2016-11031 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. AntService allows a system_server crash and reboot. The Samsung ID is SVE-2016-7044 (November 2016). |
| CVE-2016-11030 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, [...] |
| CVE-2016-11029 | An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The [...] |
| CVE-2016-11028 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are [...] |
| CVE-2016-11027 | An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is [...] |
| CVE-2016-11026 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The [...] |
| CVE-2016-11025 | An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is [...] |
| CVE-2016-11024 | odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. |
| CVE-2016-11023 | odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. |
| CVE-2016-11022 | NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to [...] |
| CVE-2016-11021 | setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter. |
| CVE-2016-11020 | Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution. |
| CVE-2016-11018 | An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is [...] |
| CVE-2016-11017 | The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a [...] |
| CVE-2016-11016 | NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. |
| CVE-2016-11015 | NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. |
| CVE-2016-11014 | NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. |
| CVE-2016-11013 | The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. |
| CVE-2016-11012 | The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. |
| CVE-2016-11011 | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. |
| CVE-2016-11010 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. |
| CVE-2016-11009 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. |
| CVE-2016-11008 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. |
| CVE-2016-11007 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. |
| CVE-2016-11006 | The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. |
| CVE-2016-11005 | The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. |
| CVE-2016-11004 | The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. |
| CVE-2016-11003 | The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. |
| CVE-2016-11002 | The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. |
| CVE-2016-11001 | The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. |
| CVE-2016-11000 | The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. |
| CVE-2016-10999 | The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. |
| CVE-2016-10998 | The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. |
| CVE-2016-10997 | The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php. |
| CVE-2016-10996 | The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. |
| CVE-2016-10995 | The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php. |
| CVE-2016-10994 | The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. |
| CVE-2016-10993 | The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter. |
| CVE-2016-10992 | The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. |
| CVE-2016-10991 | The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion. |
| CVE-2016-10990 | The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header. |
| CVE-2016-10989 | The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF. |
| CVE-2016-10988 | The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. |
| CVE-2016-10987 | The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. |
| CVE-2016-10986 | The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. |
| CVE-2016-10985 | The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. |
| CVE-2016-10984 | The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. |
| CVE-2016-10983 | The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. |
| CVE-2016-10982 | The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. |
| CVE-2016-10981 | The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. |
| CVE-2016-10980 | The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. |
| CVE-2016-10979 | The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. |
| CVE-2016-10978 | The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF. |
| CVE-2016-10977 | The nelio-ab-testing plugin before 4.5.0 for WordPress has filename=..%2f directory traversal. |
| CVE-2016-10976 | The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. |
| CVE-2016-10975 | The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. |
| CVE-2016-10974 | The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has frs_save CSRF with resultant stored XSS. |
| CVE-2016-10973 | The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. |
| CVE-2016-10972 | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. |
| CVE-2016-10971 | The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required. |
| CVE-2016-10970 | The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. |
| CVE-2016-10969 | The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. |
| CVE-2016-10968 | The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. |
| CVE-2016-10967 | The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. |
| CVE-2016-10966 | The real3d-flipbook-lite plugin 1.0 for WordPress has bookName=../ directory traversal for file upload. |
| CVE-2016-10965 | The real3d-flipbook-lite plugin 1.0 for WordPress has deleteBook=../ directory traversal for file deletion. |
| CVE-2016-10964 | The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header. |
| CVE-2016-10963 | The icegram plugin before 1.9.19 for WordPress has XSS. |
| CVE-2016-10962 | The icegram plugin before 1.9.19 for WordPress has CSRF via the wp-admin/edit.php option_name parameter. |
| CVE-2016-10961 | The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. |
| CVE-2016-10960 | The wsecure plugin before 2.4 for WordPress has remote code execution via shell metacharacters in the wsecure-config.php publish parameter. |
| CVE-2016-10959 | The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. |
| CVE-2016-10958 | The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. |
| CVE-2016-10957 | The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. |
| CVE-2016-10956 | The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. |
| CVE-2016-10955 | The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking. |
| CVE-2016-10954 | The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload. |
| CVE-2016-10953 | The Headway theme before 3.8.9 for WordPress has XSS via the license key field. |
| CVE-2016-10952 | The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. |
| CVE-2016-10951 | The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. |
| CVE-2016-10950 | The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. |
| CVE-2016-10949 | The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. |
| CVE-2016-10948 | The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function. |
| CVE-2016-10947 | The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. |
| CVE-2016-10946 | The wp-d3 plugin before 2.4.1 for WordPress has CSRF. |
| CVE-2016-10945 | The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF. |
| CVE-2016-10944 | The multisite-post-duplicator plugin before 1.1.3 for WordPress has wp-admin/tools.php?page=mpd CSRF. |
Copyright © 1999–2021, The MITRE Corporation
LICENSE
Submissions: For all materials you submit to the Common Vulnerabilities and Exposures (CVE®), you hereby grant to The MITRE Corporation (MITRE) and all CVE Numbering Authorities (CNAs) a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute such materials and derivative works. Unless required by applicable law or agreed to in writing, you provide such materials on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.
DISCLAIMERS
ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN PROVIDED BY MITRE ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.