CVE-2016-9081 (joomla!)
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.
Source: CVE-2016-9081 (joomla!)
CVE-2016-6521 (grails)
Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.
Source: CVE-2016-6521 (grails)
CVE-2016-6517 (liferay)
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.
Source: CVE-2016-6517 (liferay)
CVE-2016-6600 (webnms_framework)
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
Source: CVE-2016-6600 (webnms_framework)
CVE-2016-9379 (xen)
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
Source: CVE-2016-9379 (xen)
CVE-2016-9380 (xen)
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
Source: CVE-2016-9380 (xen)
CVE-2016-7567 (openslp)
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
Source: CVE-2016-7567 (openslp)
CVE-2016-7410 (libdwarf)
The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.
Source: CVE-2016-7410 (libdwarf)
CVE-2016-7102 (owncloud_desktop)
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
Source: CVE-2016-7102 (owncloud_desktop)
CVE-2016-6601 (webnms_framework)
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
Source: CVE-2016-6601 (webnms_framework)