CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked; 53,293 with exploits; 4,731 exploited in wild; 1,542 CISA KEV; 3,930 Nuclei templates; 37,826 vendors; 42,585 researchers
110,849 results
CVE-2016-3195 6.1 MEDIUM EPSS 0.00
Fortinet Fortimanager Firmware - XSS
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 19, 2016
CVE-2016-3194 6.1 MEDIUM EPSS 0.00
Fortinet Fortimanager Firmware - XSS
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 19, 2016
CVE-2016-3193 5.4 MEDIUM EPSS 0.00
Fortinet Fortimanager Firmware - XSS
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 19, 2016
CVE-2016-3089 6.1 MEDIUM EPSS 0.01
Apache Openmeetings < 3.1.1 - XSS
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
CWE-79 Aug 19, 2016
CVE-2016-5847 5.8 MEDIUM 1 PoC Analysis EPSS 0.00
SAP SAPCAR - Privilege Escalation
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.
CWE-264 Aug 13, 2016
CVE-2016-5845 5.5 MEDIUM 1 PoC Analysis EPSS 0.02
SAP SAPCAR - DoS
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
Aug 13, 2016
CVE-2016-6214 6.5 MEDIUM EPSS 0.07
GD Graphics Library <2.2.3 - DoS
gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CWE-125 Aug 12, 2016
CVE-2016-6207 6.5 MEDIUM EPSS 0.09
GD Graphics Library <2.2.3 - DoS
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.
CWE-119 Aug 12, 2016
CVE-2016-6161 6.5 MEDIUM EPSS 0.01
GD Graphics Library - DoS
The output function in gd_gif_out.c in the GD Graphics Library (aka libgd) allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.
CWE-125 Aug 12, 2016
CVE-2016-6132 6.5 MEDIUM EPSS 0.02
GD Graphics Library <2.2.3 - DoS
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CWE-125 Aug 12, 2016
CVE-2016-3329 5.3 MEDIUM EPSS 0.33
Microsoft Edge - Information Disclosure
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
CWE-200 Aug 09, 2016
CVE-2016-3327 5.3 MEDIUM EPSS 0.33
Microsoft Edge - Information Disclosure
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.
CWE-200 Aug 09, 2016
CVE-2016-3326 5.3 MEDIUM EPSS 0.17
Microsoft Edge - Information Disclosure
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3327.
CWE-200 Aug 09, 2016
CVE-2016-3320 4.9 MEDIUM EPSS 0.10
Microsoft Windows 10 - Security Feature Bypass
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow attackers to bypass the Secure Boot protection mechanism by leveraging (1) administrative or (2) physical access to install a crafted boot manager, aka "Secure Boot Security Feature Bypass."
CWE-254 Aug 09, 2016
CVE-2016-3315 5.5 MEDIUM EPSS 0.35
Microsoft Onenote - Information Disclosure
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
CWE-200 Aug 09, 2016
CVE-2016-3299 5.3 MEDIUM EPSS 0.07
Microsoft Windows 10 - Improper Access Control
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka "NetBIOS Spoofing Vulnerability."
CWE-284 Aug 09, 2016
CVE-2016-4253 5.3 MEDIUM EPSS 0.03
Adobe Experience Manager <6.3 - Info Disclosure
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.
CWE-200 Aug 09, 2016
CVE-2016-4170 6.1 MEDIUM EPSS 0.01
Adobe Experience Manager <6.3 - XSS
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 09, 2016
CVE-2016-4169 5.3 MEDIUM EPSS 0.02
Adobe Experience Manager <6.3 - Info Disclosure
Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain sensitive audit log event information via unspecified vectors.
CWE-200 Aug 09, 2016
CVE-2016-4168 6.1 MEDIUM EPSS 0.01
Adobe Experience Manager <6.2 - XSS
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Aug 09, 2016