CVE & Exploit Intelligence Database

Updated 6h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,325 CVEs tracked 53,302 with exploits 4,731 exploited in wild 1,542 CISA KEV 3,931 Nuclei templates 48,916 vendors 42,598 researchers
110,974 results
CVE-2016-4393 5.4 MEDIUM EPSS 0.00
HPE System Management Homepage <7.6 - Info Disclosure
HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.
CWE-79 Oct 28, 2016
CVE-2016-9018 5.5 MEDIUM 1 PoC Analysis EPSS 0.01
RealNetworks RealPlayer <18.1.5.705 - Memory Corruption
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
CWE-476 Oct 28, 2016
CVE-2016-8889 6.2 MEDIUM 1 Writeup EPSS 0.00
Bitcoin Knots <0.13.0 - Info Disclosure
In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.
CWE-310 Oct 28, 2016
CVE-2016-8871 6.2 MEDIUM EPSS 0.00
Botan <1.11.33 - Info Disclosure
In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could, given sufficient queries, be used to recover plaintext, aka an "OAEP side channel" attack.
CWE-200 Oct 28, 2016
CVE-2016-8583 6.1 MEDIUM EPSS 0.00
AlienVault OSSIM & USM <5.3.2 - XSS
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.
CWE-79 Oct 28, 2016
CVE-2016-8581 6.1 MEDIUM 2 PoCs Analysis EPSS 0.68
AlienVault OSSIM & USM <5.3.2 - XSS
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged-in users when the current sessions are viewed by an administrator.
CWE-79 Oct 28, 2016
CVE-2016-8579 4.0 MEDIUM EPSS 0.00
docker2aci <0.12.4 - DoS
docker2aci <= 0.12.3 has an infinite loop when handling local images with a cyclic dependency chain.
CWE-399 Oct 28, 2016
CVE-2016-1423 6.1 MEDIUM EPSS 0.01
Cisco AsyncOS - XSS
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.
CWE-79 Oct 28, 2016
CVE-2016-6440 6.5 MEDIUM EPSS 0.00
Cisco Unified Communications Manager - Clickjacking
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284), 11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2).
CWE-20 Oct 27, 2016
CVE-2016-6438 5.9 MEDIUM EPSS 0.00
Cisco IOS XE - Configuration Integrity Change
A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1).
CWE-264 Oct 27, 2016
CVE-2016-6437 5.9 MEDIUM EPSS 0.01
Cisco WAAS - DoS
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32).
CWE-399 Oct 27, 2016
CVE-2016-1000121 4.8 MEDIUM EPSS 0.00
Huge IT Joomla Slider v1.0.9 - XSS, SQL Injection
XSS and SQLi in the Huge IT Joomla Slider v1.0.9 extension.
CWE-79 Oct 27, 2016
CVE-2016-1598 5.4 MEDIUM EPSS 0.00
NetIQ IDM <4.5.4 - XSS
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
CWE-79 Oct 27, 2016
CVE-2016-1592 6.1 MEDIUM EPSS 0.00
NetIQ Designer <4.5.3 - XSS
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
CWE-79 Oct 27, 2016
CVE-2015-0787 6.1 MEDIUM EPSS 0.00
NetIQ Identity Manager <4.5.2 - XSS
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
CWE-79 Oct 27, 2016
CVE-2016-8506 6.1 MEDIUM EPSS 0.00
Yandex Browser Translator <16.2 - XSS
XSS in Yandex Browser Translator in Yandex Browser for desktop, versions 15.12 through 16.2, could be used by a remote attacker to evaluate arbitrary JavaScript code.
CWE-79 Oct 26, 2016
CVE-2016-8505 6.1 MEDIUM EPSS 0.00
Yandex Browser BookReader <16.6 - XSS
XSS in Yandex Browser BookReader in Yandex Browser for desktop before version 16.6 could be used by a remote attacker to evaluate arbitrary JavaScript code.
CWE-79 Oct 26, 2016
CVE-2016-8504 4.3 MEDIUM EPSS 0.00
Yandex Browser <16.6 - CSRF
CSRF of the synchronization form in Yandex Browser for desktop before version 16.6 could be used by a remote attacker to steal saved data in the browser profile.
CWE-352 Oct 26, 2016
CVE-2016-8501 5.3 MEDIUM EPSS 0.00
Yandex Browser <15.12 - SSRF
A Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows a remote attacker to sniff traffic on open or WEP-protected Wi-Fi networks even though the special security mechanism is enabled.
CWE-264 Oct 26, 2016
CVE-2016-8295 4.3 MEDIUM EPSS 0.00
Oracle PeopleSoft Products 9.2 - Info Disclosure
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors.
CWE-200 Oct 25, 2016