Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-23 CVE-2013-7448 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.
network
low complexity
debian didiwiki-project CWE-22
7.5
2016-02-23 CVE-2016-2537 Improper Input Validation vulnerability in IS MY Json Valid Project IS MY Json Valid
The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.
network
low complexity
is-my-json-valid-project CWE-20
7.5
2016-02-22 CVE-2016-2536 Resource Management Errors vulnerability in multiple products
Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document.
network
low complexity
sap google CWE-399
8.8
2016-02-22 CVE-2015-5338 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
network
low complexity
moodle CWE-352
8.8
2016-02-22 CVE-2015-5267 7PK - Security Features vulnerability in Moodle
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
network
low complexity
moodle CWE-254
7.5
2016-02-22 CVE-2015-3272 Unspecified vulnerability in Moodle
Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.
network
low complexity
moodle
7.4
2016-02-20 CVE-2016-2041 7PK - Security Features vulnerability in multiple products
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences.
network
low complexity
fedoraproject phpmyadmin opensuse CWE-254
7.5
2016-02-20 CVE-2016-1927 7PK - Security Features vulnerability in PHPmyadmin
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
network
low complexity
phpmyadmin CWE-254
7.5
2016-02-19 CVE-2016-1335 Permissions, Privileges, and Access Controls vulnerability in Cisco ASR 5000 Series Software
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492.
network
high complexity
cisco CWE-264
7.5
2016-02-18 CVE-2016-0069 Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068.
network
low complexity
microsoft CWE-264
8.8