Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-03 | CVE-2016-6441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. | 10.0 |
| 2016-11-03 | CVE-2016-6430 | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Interoperability and Collaboration System A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. | 6.6 |
| 2016-11-03 | CVE-2016-6429 | Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. | 4.3 |
| 2016-11-03 | CVE-2016-9136 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mujs Artifex Software, Inc. | 5.0 |
| 2016-11-03 | CVE-2016-9135 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. | 5.0 |
| 2016-11-03 | CVE-2016-9134 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. | 5.0 |
| 2016-11-03 | CVE-2016-9086 | Information Exposure vulnerability in Gitlab GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. | 4.0 |
| 2016-11-03 | CVE-2016-7453 | SQL Injection vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | 7.5 |
| 2016-11-03 | CVE-2016-7452 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | 5.0 |
| 2016-11-03 | CVE-2016-7402 | Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. | 7.5 |