The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2016-4882 | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4881 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4880 | Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | LOW | May 12, 2017 | n/a |
CVE-2016-4879 | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4878 | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4877 | Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | LOW | May 12, 2017 | n/a |
CVE-2016-4876 | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4875 | Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | Apr 21, 2017 | n/a |
CVE-2016-4874 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a reflected file download attack. | LOW | Apr 20, 2017 | n/a |
CVE-2016-4873 | The Project function in Cybozu Office 9.0.0 through 10.4.0 does not properly check access permissions, which allows remote authenticated users to alter project information. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4872 | The breadcrumb trail component in Cybozu Office 9.0.0 through 10.4.0 allows remote authenticated users to read the names of closed projects. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4871 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4870 | Cross-site scripting (XSS) vulnerability in Schedule function in Cybozu Office 9.0.0 through 10.4.0. | LOW | Apr 20, 2017 | n/a |
CVE-2016-4869 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to obtain session information from users. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4868 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to inject arbitrary email headers. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4867 | The Project function in Cybozu 9.0.0 through 10.4.0 allows remote authenticated users to read closed project information. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4866 | Cross-site scripting (XSS) vulnerability in the Project function in Cybozu Office 9.0.0 through 10.4.0. | LOW | Apr 20, 2017 | n/a |
CVE-2016-4865 | Cross-site scripting (XSS) vulnerability in the Customapp function in Cybozu Office 9.0.0 through 10.4.0. | LOW | Apr 20, 2017 | n/a |
CVE-2016-4864 | H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allow remote attackers to cause a denial-of-service (DoS) via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4863 | The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model do not require authentication on accepting a connection from the STA side LAN when Internet pass-thru Mode is enabled, which allows attackers with access to the STA side LAN to obtain files or data. | LOW | May 23, 2017 | n/a |
CVE-2016-4862 | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4861 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. | HIGH | Feb 22, 2017 | n/a |
CVE-2016-4859 | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4858 | Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | LOW | May 12, 2017 | n/a |
CVE-2016-4857 | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4856 | Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | LOW | May 12, 2017 | n/a |
CVE-2016-4855 | Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4854 | Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors. | MEDIUM | May 23, 2017 | n/a |
CVE-2016-4850 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4849 | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3) public_html/layout/fotos/header.thtml, or (4) public_html/layout/default/article/article.thtml. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4847 | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4846 | Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer before 3.7.8.2. | HIGH | Apr 21, 2017 | n/a |
CVE-2016-4844 | Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4843 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information. | MEDIUM | Apr 24, 2017 | n/a |
CVE-2016-4842 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4841 | Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | MEDIUM | Apr 21, 2017 | n/a |
CVE-2016-4840 | Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | MEDIUM | Apr 21, 2017 | n/a |
CVE-2016-4839 | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION do not properly implement the WebView class, which allows an attacker to disclose information stored on the device via a specially crafted application. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4838 | The Android Apps Money Forward (prior to v7.18.0), Money Forward for The Gunma Bank (prior to v1.2.0), Money Forward for SHIGA BANK (prior to v1.2.0), Money Forward for SHIZUOKA BANK (prior to v1.4.0), Money Forward for SBI Sumishin Net Bank (prior to v1.6.0), Money Forward for Tokai Tokyo Securities (prior to v1.4.0), Money Forward for THE TOHO BANK (prior to v1.3.0), Money Forward for YMFG (prior to v1.5.0) provided by Money Forward, Inc. and Money Forward for AppPass (prior to v7.18.3), Money Forward for au SMARTPASS (prior to v7.18.0), Money Forward for Chou Houdai (prior to v7.18.3) provided by SOURCENEXT CORPORATION allow an attacker to execute unintended operations via a specially crafted application. | MEDIUM | May 12, 2017 | n/a |
CVE-2016-4836 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2016-4835 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2016-4832 | WAON Service Application for Android 1.4.1 and earlier does not verify SSL certificates. | MEDIUM | Apr 21, 2017 | n/a |
CVE-2016-4830 | Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | MEDIUM | Apr 21, 2017 | n/a |
CVE-2016-4829 | DMM Movie Player App for Android before 1.2.1 and DMM Movie Player App for iPhone/iPad before 2.1.3 do not verify SSL certificates. | MEDIUM | Apr 21, 2017 | n/a |
CVE-2016-4818 | DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | MEDIUM | Apr 20, 2017 | n/a |
CVE-2016-4808 | Web2py versions 2.14.5 and below were affected by a CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, i.e. an attacker can trick a victim into disabling the installed application just by sending a URL to the victim. | MEDIUM | Jan 12, 2017 | n/a |
CVE-2016-4807 | Web2py versions 2.14.5 and below were affected by a reflected XSS vulnerability, which allows an attacker to perform an XSS attack on a logged-in user (admin). | LOW | Jan 11, 2017 | n/a |
CVE-2016-4806 | Web2py versions 2.14.5 and below were affected by a Local File Inclusion vulnerability, which allows a user with malicious intent to read/access sensitive web server files. | MEDIUM | Jan 12, 2017 | n/a |
CVE-2016-4804 | The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function. | LOW | Jun 3, 2016 | n/a |
CVE-2016-4802 | Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | MEDIUM | Jun 27, 2016 | webcli_curl-7.50.3.0 (VxWorks 7) |