Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2017-01-23 CVE-2016-6601 Path Traversal vulnerability in Zohocorp Webnms Framework 5.2
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a ..
network, low complexity, zohocorp, CWE-22
Risk: 7.5

2017-01-23 CVE-2016-6600 Path Traversal vulnerability in Zohocorp Webnms Framework 5.2
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a ..
network, low complexity, zohocorp, CWE-22
Risk: critical 9.8

2017-01-23 CVE-2016-6582 7PK - Security Features vulnerability in Doorkeeper Project Doorkeeper
The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.
network, low complexity, doorkeeper-project, CWE-254
Risk: critical 9.1

2017-01-23 CVE-2016-6521 Cross-Site Request Forgery (CSRF) vulnerability in Gopivotal Grails 1.5.9/2.0.6
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
network, low complexity, gopivotal, CWE-352
Risk: 8.8

2017-01-23 CVE-2016-6517 Path Traversal vulnerability in Liferay 5.1.0
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
network, low complexity, liferay, CWE-22
Risk: critical 9.8

2017-01-23 CVE-2016-6484 CRLF Injection vulnerability in Infoblox Netmri
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
network, low complexity, infoblox, CWE-93
Risk: 6.1

2017-01-23 CVE-2016-6223 Numeric Errors vulnerability in Libtiff
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
network, low complexity, libtiff, CWE-189
Risk: critical 9.1

2017-01-23 CVE-2016-6164 Integer Overflow or Wraparound vulnerability in Ffmpeg
Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.
network, low complexity, ffmpeg, CWE-190
Risk: critical 9.8

2017-01-23 CVE-2016-6160 Resource Management Errors vulnerability in Broadcom Tcpreplay
tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.
network, low complexity, broadcom, CWE-399
Risk: 7.5

2017-01-23 CVE-2016-5876 Permissions, Privileges, and Access Controls vulnerability in Owncloud
ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.
network, high complexity, owncloud, CWE-264
Risk: 5.9