Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-6920 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions. | 7.5 |
| 2017-01-23 | CVE-2016-6668 | Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. | 7.5 |
| 2017-01-23 | CVE-2016-6603 | Improper Input Validation vulnerability in Zohocorp Webnms Framework 5.2 ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header. | 9.8 |
| 2017-01-23 | CVE-2016-6602 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zohocorp Webnms Framework 5.2 ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. | 9.8 |
| 2017-01-23 | CVE-2016-6601 | Path Traversal vulnerability in Zohocorp Webnms Framework 5.2 Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-01-23 | CVE-2016-6600 | Path Traversal vulnerability in Zohocorp Webnms Framework 5.2 Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. | 9.8 |
| 2017-01-23 | CVE-2016-6582 | 7PK - Security Features vulnerability in Doorkeeper Project Doorkeeper The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. | 9.1 |
| 2017-01-23 | CVE-2016-6521 | Cross-Site Request Forgery (CSRF) vulnerability in Gopivotal Grails 1.5.9/2.0.6 Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. | 8.8 |
| 2017-01-23 | CVE-2016-6517 | Path Traversal vulnerability in Liferay 5.1.0 Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. | 9.8 |
| 2017-01-23 | CVE-2016-6484 | CRLF Injection vulnerability in Infoblox Netmri CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. | 6.1 |