The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2016-1215 | Cross-site scripting (XSS) vulnerability in the User details function in Cybozu Garoon before 4.2.2. | MEDIUM | Apr 20, 2017 |
CVE-2016-1214 | Cross-site scripting (XSS) vulnerability in the Response request function in Cybozu Garoon before 4.2.2. | MEDIUM | Apr 20, 2017 |
CVE-2016-1213 | The Scheduler function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | MEDIUM | Apr 20, 2017 |
CVE-2016-1212 | Directory traversal vulnerability in futomi MP Form Mail CGI Professional Edition 3.2.3 and earlier allows remote authenticated administrators to read arbitrary files via unspecified vectors. | MEDIUM | Jun 6, 2016 |
CVE-2016-1211 | Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Jun 7, 2016 |
CVE-2016-1210 | The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | MEDIUM | Apr 21, 2017 |
CVE-2016-1209 | The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. | HIGH | May 14, 2016 |
CVE-2016-1208 | The server in Apple FileMaker before 14.0.4 on OS X allows remote attackers to read PHP source code via unspecified vectors. | MEDIUM | May 14, 2016 |
CVE-2016-1207 | Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | LOW | May 14, 2016 |
CVE-2016-1206 | The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. | LOW | May 14, 2016 |
CVE-2016-1205 | Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_addition_plugin plugin 1.0 and (2) itemdetail_freearea_addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | May 10, 2016 |
CVE-2016-1203 | Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed. | -- | Oct 31, 2023 |
CVE-2016-1202 | Untrusted search path vulnerability in Atom Electron before 0.33.5 allows local users to gain privileges via a Trojan horse Node.js module in a parent directory of a directory named on a require line. [CWE-426: Untrusted Search Path](http://cwe.mitre.org/data/definitions/426.html) | HIGH | May 4, 2016 |
CVE-2016-1201 | Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to hijack the authentication of administrators. | MEDIUM | May 3, 2016 |
CVE-2016-1200 | The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | MEDIUM | May 6, 2016 |
CVE-2016-1199 | The login page in the management screen in LOCKON EC-CUBE 3.0.0 through 3.0.9 allows remote attackers to bypass intended IP address restrictions via unspecified vectors, a different vulnerability than CVE-2016-1200. | MEDIUM | May 5, 2016 |
CVE-2016-1198 | Photopt for Android before 2.0.1 does not verify SSL certificates. | MEDIUM | Apr 21, 2017 |
CVE-2016-1197 | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775. | MEDIUM | Jun 21, 2016 |
CVE-2016-1196 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | MEDIUM | Jun 21, 2016 |
CVE-2016-1195 | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. [CWE-601: URL Redirection to Untrusted Site ('Open Redirect')](http://cwe.mitre.org/data/definitions/601.html) | MEDIUM | Jun 20, 2016 |
CVE-2016-1194 | Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | MEDIUM | Apr 21, 2017 |
CVE-2016-1193 | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | MEDIUM | Jun 27, 2016 |
CVE-2016-1192 | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | MEDIUM | Jun 21, 2016 |
CVE-2016-1191 | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | MEDIUM | Jun 21, 2016 |
CVE-2016-1190 | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | MEDIUM | Jun 27, 2016 |
CVE-2016-1189 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. | MEDIUM | Jun 27, 2016 |
CVE-2016-1188 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | MEDIUM | Jun 27, 2016 |
CVE-2016-1187 | Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates. | MEDIUM | Apr 21, 2017 |
CVE-2016-1186 | Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | MEDIUM | Apr 21, 2017 |
CVE-2016-1185 | The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. | LOW | May 9, 2016 |
CVE-2016-1184 | Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | MEDIUM | Apr 21, 2017 |
CVE-2016-1183 | NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname. | MEDIUM | Jun 23, 2016 |
CVE-2016-1182 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | MEDIUM | Jul 6, 2016 |
CVE-2016-1181 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. | MEDIUM | Jul 6, 2016 |
CVE-2016-1180 | Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Apr 11, 2016 |
CVE-2016-1179 | Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML. | MEDIUM | Apr 20, 2017 |
CVE-2016-1178 | The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors. | MEDIUM | Apr 20, 2017 |
CVE-2016-1177 | The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. | MEDIUM | Apr 11, 2016 |
CVE-2016-1176 | Buffer overflow in the ActiveX control in Sharp EVA Animeter allows remote attackers to execute arbitrary code via a crafted web page. | MEDIUM | Apr 7, 2016 |
CVE-2016-1175 | Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player HN-PP150 1.02.00.04 through 1.03.01.04 allows remote attackers to hijack the authentication of arbitrary users. | MEDIUM | Apr 6, 2016 |
CVE-2016-1174 | Cross-site request forgery (CSRF) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | MEDIUM | Apr 7, 2016 |
CVE-2016-1173 | Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Apr 7, 2016 |
CVE-2016-1172 | Cross-site request forgery (CSRF) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to hijack the authentication of administrators. | MEDIUM | Apr 7, 2016 |
CVE-2016-1171 | Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Apr 7, 2016 |
CVE-2016-1170 | Cross-site request forgery (CSRF) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to hijack the authentication of administrators. | MEDIUM | Apr 7, 2016 |
CVE-2016-1169 | Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Apr 7, 2016 |
CVE-2016-1168 | Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users. | MEDIUM | Apr 1, 2016 |
CVE-2016-1167 | Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP devices allows remote attackers to hijack the authentication of arbitrary users. | MEDIUM | Apr 1, 2016 |
CVE-2016-1166 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |
CVE-2016-1165 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 |