Total: 316927 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-15003 | 2 Filezilla-project, Microsoft | 2 Filezilla Client, Windows | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2016-15002 | 1 Ideracorp | 1 Webyog Monyog Ultimate | 2024-11-21 | 6.5 MEDIUM | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. | |||||
| CVE-2016-11086 | 1 Oauth-ruby Project | 1 Oauth-ruby | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |||||
| CVE-2016-11085 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. | |||||
| CVE-2016-11084 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF. | |||||
| CVE-2016-11083 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | |||||
| CVE-2016-11082 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | |||||
| CVE-2016-11081 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser. | |||||
| CVE-2016-11080 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details. | |||||
| CVE-2016-11079 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | |||||
| CVE-2016-11078 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI. | |||||
| CVE-2016-11077 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account. | |||||
| CVE-2016-11076 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. | |||||
| CVE-2016-11075 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API. | |||||
| CVE-2016-11074 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused. | |||||
| CVE-2016-11073 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | |||||
| CVE-2016-11072 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled. | |||||
| CVE-2016-11071 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | |||||
| CVE-2016-11070 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | |||||
| CVE-2016-11069 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change. | |||||
