LiveActive security incident?Get immediate response
CVE archive

2016 CVE Archive

Browse CVE records published in 2016 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 9353 matching CVEs · Page 2 of 188.

Medium · CVSS 5.3

CVE-2016-8624: curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name pa...

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.

Published Jul 31, 2018 · Updated Apr 16, 2026

Medium · CVSS 5.3

CVE-2016-8615: A flaw was found in curl before version 7.51.

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.

Published Aug 1, 2018 · Updated Apr 16, 2026

Low · CVSS 3.7

CVE-2016-8622: The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`.

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.

Published Jul 31, 2018 · Updated Apr 15, 2026

Critical · CVSS 9.8

CVE-2016-15033: Delete All Comments <= 2.0 - Arbitrary File Upload

The Delete All Comments plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the via the delete-all-comments.php file in versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Published Jun 7, 2023 · Updated Apr 8, 2026

High · CVSS 7.2

CVE-2016-15041: MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting

The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published Oct 16, 2024 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2016-15043: WP Mobile Detector <= 3.5 - Arbitrary File Upload

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Published Jul 19, 2025 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2016-15040: Kento Post View Counter <= 2.8 - SQL Injection

The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Published Oct 16, 2024 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2016-15042: Frontend File Manager < 4.0 & N-Media Post Front-end Form < 1.1 & - Arbitrary File Upload

The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins for WordPress are vulnerable to arbitrary file uploads due to missing file type validation via the `nm_filemanager_upload_file` and `nm_postfront_upload_file` AJAX actions. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Published Oct 16, 2024 · Updated Apr 8, 2026

Critical · CVSS 9.8

CVE-2016-20026: ZKTeco ZKBioSecurity 3.0 Hardcoded Credentials Remote Code Execution

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.

Published Mar 15, 2026 · Updated Apr 7, 2026

High · CVSS 8.7

CVE-2016-15056: Ubee EVW3226 Unauthenticated Backup File Disclosure

Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.

Published Nov 14, 2025 · Updated Apr 7, 2026

High · CVSS 8.7

CVE-2016-15055: JVC VN-T IP-Camera Directory Traversal via check.cgi

JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary files on the device.

Published Nov 12, 2025 · Updated Apr 7, 2026

High · CVSS 8.7

CVE-2016-15047: AVTECH CloudSetup.cgi Authenticated Command Injection

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke this endpoint can supply crafted input to execute arbitrary system commands as root. Successful exploitation grants full control of the device, and - depending on deployment and whether the device stores credentials or has network reachability to internal systems - may enable credential theft, lateral movement, or data exfiltration. The archived SEARCH-LAB disclosure implies that this vulnerability was remediated in early 2017, but AVTECH has not defined an affected version range.

Published Oct 9, 2025 · Updated Apr 7, 2026

High · CVSS 8.5

CVE-2016-15045: Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation

A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.

Published Jul 23, 2025 · Updated Apr 7, 2026

High · CVSS 8.5

CVE-2016-20056: Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation

Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.

Published Apr 4, 2026 · Updated Apr 6, 2026

Medium · CVSS 6.9

CVE-2016-20051: Snews CMS 1.7 Cross-Site Request Forgery via changeup

Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.

Published Apr 4, 2026 · Updated Apr 6, 2026

High · CVSS 8.5

CVE-2016-20058: Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation

Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.

Published Apr 4, 2026 · Updated Apr 6, 2026

Medium · CVSS 6.9

CVE-2016-20050: NetSchedScan 1.0 Buffer Overflow Denial of Service

NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition.

Published Apr 4, 2026 · Updated Apr 6, 2026

High · CVSS 8.5

CVE-2016-20057: NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation

NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.

Published Apr 4, 2026 · Updated Apr 6, 2026

High · CVSS 8.5

CVE-2016-20055: IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation

IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.

Published Apr 4, 2026 · Updated Apr 6, 2026

High · CVSS 8.5

CVE-2016-20061: sheed AntiVirus 2.3 Unquoted Service Path Privilege Escalation

sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.

Published Apr 4, 2026 · Updated Apr 6, 2026

Medium · CVSS 5.3

CVE-2016-20054: Nodcms Cross Site Request Forgery via admin endpoints

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.

Published Apr 4, 2026 · Updated Apr 6, 2026

Critical · CVSS 9.8

CVE-2016-20052: Snews CMS 1.7 Unrestricted File Upload via snews_files

Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution.

Published Apr 4, 2026 · Updated Apr 6, 2026

High · CVSS 8.5

CVE-2016-20059: IObit Malware Fighter 4.3.1 Unquoted Service Path Privilege Escalation

IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.

Published Apr 4, 2026 · Updated Apr 6, 2026

Medium · CVSS 6.9

CVE-2016-20053: Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.

Published Apr 4, 2026 · Updated Apr 6, 2026

High · CVSS 8.5

CVE-2016-20060: Hotspot Shield 6.0.3 Unquoted Service Path Privilege Escalation

Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges.

Published Apr 4, 2026 · Updated Apr 6, 2026

High · CVSS 8.6

CVE-2016-20046: zFTP Client 20061220+dfsg3-4.1 Local Buffer Overflow

zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerability in the NAME parameter handling of FTP connections that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized NAME value exceeding the 80-byte buffer allocated in strcpy_chk to overwrite the instruction pointer and execute shellcode with user privileges.

Published Mar 28, 2026 · Updated Apr 1, 2026

High · CVSS 8.6

CVE-2016-20040: TiEmu 3.03-nogdb+dfsg-3 Buffer Overflow via ROM Parameter

TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses.

Published Mar 28, 2026 · Updated Apr 1, 2026

High · CVSS 8.6

CVE-2016-20039: Multi Emulator Super System 0.154-3.1 Buffer Overflow

Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized gamma parameter value to overflow the stack buffer and overwrite the instruction pointer with a controlled address to achieve code execution.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20045: HNB Organizer 1.9.18-10 Local Buffer Overflow via -rc Parameter

HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20041: Yasr 0.6.9-5 Buffer Overflow via Command-line Parameter

Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20047: EKG Gadu 1.9 Local Buffer Overflow via Username Parameter

EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerability in the username handling that allows local attackers to execute arbitrary code by supplying an oversized username string. Attackers can trigger the overflow in the strlcpy function by passing a crafted buffer exceeding 258 bytes to overwrite the instruction pointer and execute shellcode with user privileges.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20044: PInfo 0.6.9-5.1 Local Buffer Overflow via -m Parameter

PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20038: yTree 1.94-1.1 Stack-Based Buffer Overflow

yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20037: xwpe 1.5.30a-2.1 Stack-based Buffer Overflow

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20043: NRSS RSS Reader 0.3.9-1 Stack Buffer Overflow

NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -F parameter. Attackers can craft a malicious input with 256 bytes of padding followed by a controlled EIP value to overwrite the return address and achieve code execution.

Published Mar 28, 2026 · Updated Mar 30, 2026

Critical · CVSS 9.8

CVE-2016-20049: JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution

JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20042: TRN 3.6-23 Stack Buffer Overflow Local Code Execution

TRN 3.6-23 contains a stack buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the application. Attackers can craft a malicious command-line argument with 156 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.6

CVE-2016-20048: iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter

iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges.

Published Mar 28, 2026 · Updated Mar 30, 2026

High · CVSS 8.5

CVE-2016-20033: Wowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exe

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability that allows authenticated users to escalate privileges by replacing executable files due to improper file permissions granting full access to the Everyone group. Attackers can replace the nssm_x64.exe binary in the manager and engine service directories with malicious executables to execute code with LocalSystem privileges when services restart.

Published Mar 15, 2026 · Updated Mar 16, 2026

High · CVSS 8.8

CVE-2016-20034: Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit

Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.

Published Mar 15, 2026 · Updated Mar 16, 2026

Medium · CVSS 6.9

CVE-2016-20035: Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint

Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.

Published Mar 15, 2026 · Updated Mar 16, 2026

Medium · CVSS 6.1

CVE-2016-20036: Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities

Wowza Streaming Engine 4.5.0 contains multiple reflected cross-site scripting vulnerabilities in the enginemanager interface where input passed through various parameters is not properly sanitized before being returned to users. Attackers can inject malicious script code through parameters like appName, vhost, uiAppType, and wowzaCloudDestinationType in multiple endpoints to execute arbitrary HTML and JavaScript in a user's browser session.

Published Mar 15, 2026 · Updated Mar 16, 2026

Critical · CVSS 9.8

CVE-2016-20024: ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with malicious binaries for privilege escalation.

Published Mar 15, 2026 · Updated Mar 16, 2026