Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-14 | CVE-2016-8905 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8904 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8903 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8902 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 9.8 |
| 2016-11-12 | CVE-2016-9296 | NULL Pointer Dereference vulnerability in 7-Zip P7Zip 16.02 A null pointer dereference bug affects the 16.02 and many old versions of p7zip. | 7.5 |
| 2016-11-12 | CVE-2016-9294 | NULL Pointer Dereference vulnerability in Artifex Mujs Artifex Software, Inc. | 7.5 |
| 2016-11-11 | CVE-2016-9288 | SQL Injection vulnerability in Exponentcms Exponent CMS In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. | 9.8 |
| 2016-11-11 | CVE-2016-9286 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | 5.3 |
| 2016-11-11 | CVE-2016-9285 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | 5.3 |
| 2016-11-11 | CVE-2016-9284 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | 5.3 |