LiveActive security incident?Get immediate response
CVE archive

February 2016

Browse CVE records published in February 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 995 matching CVEs · Page 2 of 20.

Low · CVSS 2.5

CVE-2016-15024: doomsider shadow denial of service

A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.

Published Feb 19, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2016-15027: meta4creations Post Duplicator Plugin notices.php mtphr_post_duplicator_notice cross site scripting

A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496.

Published Feb 20, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-1000005: mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type co...

mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).

Published Feb 19, 2020 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2016-15025: generator-hottowel 404 Error _app.js cross site scripting

A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484.

Published Feb 20, 2023 · Updated Aug 6, 2024

Medium · CVSS 5.3

CVE-2016-15026: 3breadt dd-plist xml external entity reference

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The patch is identified as 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.

Published Feb 20, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10712: In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_met...

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.

Published Feb 9, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10224: An issue was discovered in Sauter NovaWeb web HMI.

An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

Published Feb 13, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10215: An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2.

An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Published Feb 10, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10223: An issue was discovered in BigTree CMS before 4.2.15.

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Published Feb 14, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10164: Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-...

Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

Published Feb 1, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10216: An issue was discovered in IT ITems DataBase (ITDB) through 1.23.

An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Published Feb 10, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10153: The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMA...

The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.

Published Feb 6, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10154: The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly w...

The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.

Published Feb 6, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10028: The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Vir...

The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.

Published Feb 27, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10026: ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites...

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

Published Feb 13, 2017 · Updated Aug 6, 2024