The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2016-1000306 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-1000307. Reason: This candidate is a reservation duplicate of CVE-2016-1000307. Notes: All CVE users should reference CVE-2016-1000307 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2016-1000282 | Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection. | High | Feb 6, 2019 |
| CVE-2016-1000276 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000010. Reason: This candidate is a duplicate of CVE-2017-1000010. Notes: All CVE users should reference CVE-2017-1000010 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | Medium | Feb 6, 2019 |
| CVE-2016-1000271 | Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events. This attack appears to be exploitable if the attacker can reach the web server. | HIGH | Feb 4, 2019 |
| CVE-2016-1000268 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-7510. Reason: This candidate is a reservation duplicate of CVE-2016-7510. Notes: All CVE users should reference CVE-2016-7510 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2016-1000259 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10326. Reason: This candidate is a reservation duplicate of CVE-2016-10326. Notes: All CVE users should reference CVE-2016-10326 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2016-1000258 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10325. Reason: This candidate is a reservation duplicate of CVE-2016-10325. Notes: All CVE users should reference CVE-2016-10325 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2016-1000237 | sanitize-html before 1.4.3 has XSS. | MEDIUM | Jan 24, 2020 |
| CVE-2016-1000236 | Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. | LOW | Nov 21, 2019 |
| CVE-2016-1000232 | NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0. | MEDIUM | Sep 6, 2018 |
| CVE-2016-1000229 | swagger-ui has XSS in key names | MEDIUM | Dec 20, 2019 |
| CVE-2016-1000222 | Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | MEDIUM | Jun 16, 2017 |
| CVE-2016-1000221 | Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. | MEDIUM | Jun 20, 2017 |
| CVE-2016-1000220 | Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | MEDIUM | Jun 22, 2017 |
| CVE-2016-1000219 | Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. | MEDIUM | Jun 22, 2017 |
| CVE-2016-1000218 | Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | MEDIUM | Jun 26, 2017 |
| CVE-2016-1000217 | Zotpress plugin for WordPress SQLi in zp_get_account() | HIGH | Oct 7, 2016 |
| CVE-2016-1000216 | Ruckus Wireless H500 web management interface authenticated command injection | HIGH | Oct 10, 2016 |
| CVE-2016-1000215 | Ruckus Wireless H500 web management interface denial of service | MEDIUM | Nov 7, 2016 |
| CVE-2016-1000214 | Ruckus Wireless H500 web management interface authentication bypass | MEDIUM | Nov 7, 2016 |
| CVE-2016-1000213 | Ruckus Wireless H500 web management interface CSRF | MEDIUM | Nov 7, 2016 |
| CVE-2016-1000156 | Mailcwp remote file upload vulnerability incomplete fix v1.100 | HIGH | Dec 15, 2016 |
| CVE-2016-1000155 | Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000154 | Reflected XSS in wordpress plugin whizz v1.0.7 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000153 | Reflected XSS in wordpress plugin tidio-gallery v1.1 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000152 | Reflected XSS in wordpress plugin tidio-form v1.0 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000151 | Reflected XSS in wordpress plugin tera-charts v1.0 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000150 | Reflected XSS in wordpress plugin simplified-content v1.0.0 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000149 | Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000148 | Reflected XSS in wordpress plugin s3-video v0.983 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000147 | Reflected XSS in wordpress plugin recipes-writer v1.0.4 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000146 | Reflected XSS in wordpress plugin pondol-formmail v1.1 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000145 | Reflected XSS in wordpress plugin pondol-carousel v1.0 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000144 | Reflected XSS in wordpress plugin photoxhibit v2.1.8 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000143 | Reflected XSS in wordpress plugin photoxhibit v2.1.8 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000142 | Reflected XSS in wordpress plugin parsi-font v4.2.5 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000141 | Reflected XSS in wordpress plugin page-layout-builder v1.9.3 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000140 | Reflected XSS in wordpress plugin new-year-firework v1.1.9 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000139 | Reflected XSS in wordpress plugin infusionsoft v1.5.11 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000138 | Reflected XSS in wordpress plugin indexisto v1.0.5 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000137 | Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000136 | Reflected XSS in wordpress plugin heat-trackr v1.0 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000135 | Reflected XSS in wordpress plugin hdw-tube v1.2 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000134 | Reflected XSS in wordpress plugin hdw-tube v1.2 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000133 | Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | MEDIUM | Oct 11, 2016 |
| CVE-2016-1000132 | Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000131 | Reflected XSS in wordpress plugin e-search v1.0 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000130 | Reflected XSS in wordpress plugin e-search v1.0 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000129 | Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | MEDIUM | Oct 12, 2016 |
| CVE-2016-1000128 | Reflected XSS in wordpress plugin anti-plagiarism v3.60 | MEDIUM | Oct 12, 2016 |
