Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2016-08-31 | CVE-2016-5332 | Path Traversal vulnerability in VMWare Vrealize LOG Insight | Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. | 5.3 |
2016-08-30 | CVE-2016-6195 | SQL Injection vulnerability in Vbulletin 4.2.2/4.2.3 | SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016. | 9.8 |
2016-08-30 | CVE-2016-7115 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mac-Telnet Project Mac-Telnet | Buffer overflow in the handle_packet function in mactelnet.c in the client in MAC-Telnet 0.4.3 and earlier allows remote TELNET servers to execute arbitrary code via a long string in an MT_CPTYPE_PASSSALT control packet. | 9.8 |
2016-08-30 | CVE-2016-5344 | Integer Overflow or Wraparound vulnerability in multiple products | Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c. | 9.8 |
2016-08-30 | CVE-2016-5342 | Out-of-bounds Write vulnerability in multiple products | Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data. | 7.8 |
2016-08-30 | CVE-2016-0397 | Information Exposure vulnerability in IBM Bigfix Webreports | WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. | 5.9 |
2016-08-30 | CVE-2016-0292 | Information Exposure vulnerability in IBM Bigfix | WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows local users to discover the cleartext system password by reading a report. | 5.5 |
2016-08-29 | CVE-2016-5721 | Cross-site Scripting vulnerability in Zimbra Collaboration Server | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2016-08-26 | CVE-2015-5399 | Cross-site Scripting vulnerability in PHPvibe 4.20 | Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | 5.4 |
2016-08-26 | CVE-2016-5683 | Unspecified vulnerability in Readydesk 9.1 | ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file. | 7.8 |