CVE-2016-3972
Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.
Source: CVE-2016-3972
[월:] 2016년 04월
CVE-2016-3971 (dotcms)
CVE-2016-3971 (dotcms)
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
Source: CVE-2016-3971 (dotcms)
CVE-2016-3971
CVE-2016-3971
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
Source: CVE-2016-3971
CVE-2016-3943 (panda_endpoint_administration_agent)
CVE-2016-3943 (panda_endpoint_administration_agent)
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
CVE-2016-3943
CVE-2016-3943
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
Source: CVE-2016-3943
CVE-2016-3941 (ubuntu_linux, vlc_media_player)
CVE-2016-3941 (ubuntu_linux, vlc_media_player)
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
CVE-2016-3941
CVE-2016-3941
Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."
Source: CVE-2016-3941
CVE-2015-7378 (panda_security_url_filtering)
CVE-2015-7378 (panda_security_url_filtering)
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
CVE-2015-7378
CVE-2015-7378
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
Source: CVE-2015-7378
CVE-2016-4036 (leap, opensuse)
CVE-2016-4036 (leap, opensuse)
openSUSE and SUSE Linux Enterprise Server 11 SP 1 use weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.
Source: CVE-2016-4036 (leap, opensuse)