LiveActive security incident?Get immediate response
CVE archive

June 2016

Browse CVE records published in June 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 826 matching CVEs · Page 1 of 17.

High · CVSS 8.5

CVE-2016-20089: Iperius Remote 1.7.0 Unquoted Service Path Elevation of Privilege

Iperius Remote 1.7.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation path. When installed from directories containing spaces, attackers can place malicious executables in the path to be executed with elevated privileges during service startup or system reboot.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.5

CVE-2016-20095: Matrix42 Remote Control Host 3.20.0031 Unquoted Path Privilege Escalation

Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.5

CVE-2016-20093: Wise Care 365 4.27 and Wise Disk Cleaner 9.29 Unquoted Service Path Privilege Escalation

Wise Care 365 4.27 and Wise Disk Cleaner 9.29 contain unquoted service path vulnerabilities in the WiseBootAssistant and SpyHunter 4 Service respectively, allowing local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that execute during service startup or system reboot with elevated privileges.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.5

CVE-2016-20092: NetDrive 2.6.12 Unquoted Service Path Elevation of Privilege

NetDrive 2.6.12 contains an unquoted service path vulnerability in the Netdrive2_Service_Netdrive2 service that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can insert malicious executables in the system root path that will be executed during service startup or system reboot, resulting in privilege escalation.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.5

CVE-2016-20087: Fortitude HTTP 1.0.4.0 Unquoted Service Path Elevation of Privilege

Fortitude HTTP 1.0.4.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated privileges by exploiting the service binary path. Attackers can insert malicious executables in the system root path that execute with SYSTEM privileges during service startup or system reboot.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.5

CVE-2016-20091: Windows Firewall Control 4.8.6.0 Unquoted Service Path Privilege Escalation

Windows Firewall Control 4.8.6.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by inserting malicious executables in the service path. Attackers can place executable files in unquoted path directories that the wfcs.exe service will execute with LocalSystem privileges upon service restart or system reboot.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.5

CVE-2016-20086: Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation

Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 7.2

CVE-2016-20084: WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScript into the 'ict' and 'ics' options or the calendar 'name' parameter via GET requests to execute arbitrary scripts when the calendar is displayed or accessed in the administration interface.

Published Jun 15, 2026 · Updated Jun 15, 2026

Medium · CVSS 6.9

CVE-2016-20078: WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php

WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.

Published Jun 15, 2026 · Updated Jun 15, 2026

High · CVSS 8.8

CVE-2016-20073: Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.

Published Jun 15, 2026 · Updated Jun 15, 2026

Medium · CVSS 5.3

CVE-2016-20067: WordPress CP Polls 1.0.8 Cross-Site Request Forgery

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.

Published Jun 15, 2026 · Updated Jun 15, 2026

High · CVSS 8.8

CVE-2016-20069: WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to execute arbitrary SQL queries and extract sensitive database information.

Published Jun 15, 2026 · Updated Jun 15, 2026

High · CVSS 8.8

CVE-2016-20075: WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.

Published Jun 15, 2026 · Updated Jun 15, 2026

Medium · CVSS 6.9

CVE-2016-20080: WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php

WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code.

Published Jun 15, 2026 · Updated Jun 15, 2026

High · CVSS 8.8

CVE-2016-20068: WordPress Booking Calendar Contact Form 1.0.23 SQL Injection

WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint with the action parameter set to 'dex_bccf_calendar_ajaxevent' and supply crafted SQL commands in the 'id' parameter to extract sensitive database information.

Published Jun 15, 2026 · Updated Jun 15, 2026

Medium · CVSS 6.9

CVE-2016-20079: WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php

WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.

Published Jun 15, 2026 · Updated Jun 15, 2026

Medium · CVSS 5.3

CVE-2016-20074: WordPress Lazy Content Slider Plugin 3.4 CSRF

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

Published Jun 15, 2026 · Updated Jun 15, 2026

Medium · CVSS 6.4

CVE-2016-20070: WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS

WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with subscriber-level accounts can inject XSS payloads through parameters like price, name, calendar_language, and email_confirmation_to_user via admin-ajax.php and admin.php endpoints to execute arbitrary JavaScript in administrator browsers.

Published Jun 15, 2026 · Updated Jun 15, 2026

High · CVSS 8.8

CVE-2016-20065: Product Catalog 8 1.2 Plugin WordPress SQL Injection

Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the UpdateCategoryList action to extract sensitive database information from WordPress tables.

Published Jun 9, 2026 · Updated Jun 9, 2026

Medium · CVSS 6.9

CVE-2016-20064: WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 7.1

CVE-2016-20063: Single Personal Message 1.0.3 WordPress Plugin SQL Injection

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to extract sensitive database information including user credentials and site configuration data.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.8

CVE-2016-20062: Simply Poll 1.4.1 Plugin for WordPress SQL Injection

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' action and malicious 'pollid' values to execute arbitrary SQL queries and read sensitive data from the WordPress database.

Published Jun 9, 2026 · Updated Jun 9, 2026

Critical · CVSS 9.8

CVE-2016-15033: Delete All Comments <= 2.0 - Arbitrary File Upload

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Published Jun 7, 2023 · Updated Apr 8, 2026

High · CVSS 7.5 · CISA KEV

CVE-2016-9079: A use-after-free vulnerability in SVG Animation has been discovered.

A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.

Published Jun 11, 2018 · Updated Oct 21, 2025

High · CVSS 7.3

CVE-2016-15002: MONyog Ultimate Cookie privileges management

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.

Published Jun 9, 2022 · Updated Apr 15, 2025

Unknown · CVSS Not scored

CVE-2016-10605: dalek-browser-ie is Internet Explorer bindings for DalekJS.

dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10648: marionette-socket-host is a marionette-js-runner host for sending actions over a socket.

marionette-socket-host is a marionette-js-runner host for sending actions over a socket. marionette-socket-host downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10689: The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary...

The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Low · CVSS 3.7

CVE-2016-9042: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4...

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10690: openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim.

openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10625: headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies.

headless-browser-lite is a minimal npm installer for phantomjs and slimerjs with no external dependencies. headless-browser-lite downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10628: selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver.

selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10686: fis-sass-all is another libsass wrapper for node.

fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10622: nodeschnaps is a NodeJS compatibility layer for Java (Rhino).

nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10657: co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which l...

co-cli-installer downloads the co-cli module as part of the install process, but does so over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10672: cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP,...

cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 4, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10603: air-sdk is a NPM wrapper for the Adobe AIR SDK.

air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2016-10602: haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to M...

haxe is a cross-platform toolkit haxe downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Published Jun 1, 2018 · Updated Sep 17, 2024