Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-10-06 CVE-2015-1000001 Unrestricted Upload of File with Dangerous Type vulnerability in Fast-Image-Adder Project Fast-Image-Adder 1.1
Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin
network
low complexity
fast-image-adder-project CWE-434
critical
 9.8
9.8
2016-10-06 CVE-2015-1000000 Unrestricted Upload of File with Dangerous Type vulnerability in Mailcwp Project Mailcwp 1.99
Remote file upload vulnerability in mailcwp v1.99 wordpress plugin
network
low complexity
mailcwp-project CWE-434
critical
 9.8
9.8
2016-10-06 CVE-2016-6653 Information Exposure vulnerability in Pivotal Software Cloud Foundry CF Mysql 27.0/28.0
The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) cf-mysql-release 27 and 28 allows remote attackers to obtain sensitive information by reading syslog messages, as demonstrated by cleartext credentials.
network
low complexity
pivotal-software CWE-200
7.5
7.5
2016-10-06 CVE-2016-6436 Cross-site Scripting vulnerability in Cisco Hostscan Engine
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
network
low complexity
cisco CWE-79
6.1
6.1
2016-10-06 CVE-2016-6435 Information Exposure vulnerability in Cisco Secure Firewall Management Center 6.0.1
The web console in Cisco Firepower Management Center 6.0.1 allows remote authenticated users to read arbitrary files via crafted parameters, aka Bug ID CSCva30376.
network
low complexity
cisco CWE-200
6.5
6.5
2016-10-06 CVE-2016-6434 Improper Authentication vulnerability in Cisco Secure Firewall Management Center 6.0.1
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370.
local
low complexity
cisco CWE-287
7.8
7.8
2016-10-06 CVE-2016-6433 Improper Input Validation vulnerability in Cisco Secure Firewall Management Center
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
network
low complexity
cisco CWE-20
8.8
8.8
2016-10-06 CVE-2016-6428 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XR 6.1.1
Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349.
local
low complexity
cisco CWE-264
7.8
7.8
2016-10-06 CVE-2016-6427 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.
network
low complexity
cisco CWE-352
8.8
8.8
2016-10-06 CVE-2016-6425 Cross-site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
network
low complexity
cisco CWE-79
6.1
6.1