LiveActive security incident?Get immediate response
CVE archive

March 2016

Browse CVE records published in March 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 729 matching CVEs · Page 2 of 15.

Unknown · CVSS Not scored

CVE-2016-1000111: Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore...

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published Mar 11, 2020 · Updated Aug 6, 2024

Medium · CVSS 4.8

CVE-2016-15028: ICEPAY REST-API-NET Checksum Validation RestClient.cs RestClient integrity check

A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.0 is able to address this issue. The patch is named 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847.

Published Mar 12, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2016-15030: Arno0x TwoFactorAuth login.php redirect

A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803.

Published Mar 25, 2023 · Updated Aug 6, 2024

Medium · CVSS 4

CVE-2016-15029: Ydalb mapicoin stats.php cross site scripting

A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The patch is identified as 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability.

Published Mar 21, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10717: A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer versi...

A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.

Published Mar 21, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10393: In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux ker...

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer operations will overflow the allocated buffer.

Published Mar 15, 2018 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10308: Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unch...

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device's web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.

Published Mar 30, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10269: LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4....

LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6 and 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 512" and libtiff/tif_unix.c:340:2.

Published Mar 24, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users...

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.

Published Mar 7, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10307: Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in...

Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This account is accessible via SSH and/or TELNET, and grants access to the underlying embedded UNIX OS on the device, allowing full control over it.

Published Mar 30, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10253: An issue was discovered in Erlang/OTP 18.x.

An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

Published Mar 18, 2017 · Updated Aug 6, 2024