Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-6601 | Path Traversal vulnerability in Zohocorp Webnms Framework 5.2 Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-01-23 | CVE-2016-6600 | Path Traversal vulnerability in Zohocorp Webnms Framework 5.2 Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. | 9.8 |
| 2017-01-23 | CVE-2016-6582 | 7PK - Security Features vulnerability in Doorkeeper Project Doorkeeper The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification. | 9.1 |
| 2017-01-23 | CVE-2016-6521 | Cross-Site Request Forgery (CSRF) vulnerability in Gopivotal Grails 1.5.9/2.0.6 Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors. | 8.8 |
| 2017-01-23 | CVE-2016-6517 | Path Traversal vulnerability in Liferay 5.1.0 Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. | 9.8 |
| 2017-01-23 | CVE-2016-6484 | CRLF Injection vulnerability in Infoblox Netmri CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. | 6.1 |
| 2017-01-23 | CVE-2016-6223 | Numeric Errors vulnerability in Libtiff The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. | 9.1 |
| 2017-01-23 | CVE-2016-6164 | Integer Overflow or Wraparound vulnerability in Ffmpeg Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. | 9.8 |
| 2017-01-23 | CVE-2016-6160 | Resource Management Errors vulnerability in Broadcom Tcpreplay tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266. | 7.5 |
| 2017-01-23 | CVE-2016-5876 | Permissions, Privileges, and Access Controls vulnerability in Owncloud ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | 5.9 |