Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-11 | CVE-2016-9283 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | 7.5 |
| 2016-11-11 | CVE-2016-9282 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | 7.5 |
| 2016-11-11 | CVE-2016-9277 | Integer Overflow or Wraparound vulnerability in Samsung Mobile 4.4/5.0/5.1 Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. | 7.5 |
| 2016-11-11 | CVE-2016-9274 | Untrusted Search Path vulnerability in GIT for Windows Project GIT for Windows Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. | 7.8 |
| 2016-11-11 | CVE-2016-9272 | SQL Injection vulnerability in Exponentcms Exponent CMS A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | 9.1 |
| 2016-11-10 | CVE-2016-5195 | Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.0 |
| 2016-11-10 | CVE-2016-9268 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotclear Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. | 7.2 |
| 2016-11-10 | CVE-2016-7148 | Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. | 6.1 |
| 2016-11-10 | CVE-2016-7146 | Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component. | 6.1 |
| 2016-11-10 | CVE-2016-7490 | Link Following vulnerability in Teradata Studio Express 15.12.00.00 The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. | 7.8 |