Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-11-14 CVE-2016-8902 SQL Injection vulnerability in Dotcms
SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter.
network
low complexity
dotcms CWE-89
critical
9.8
2016-11-12 CVE-2016-9296 NULL Pointer Dereference vulnerability in 7-Zip P7Zip 16.02
A null pointer dereference bug affects the 16.02 and many old versions of p7zip.
network
low complexity
7-zip CWE-476
7.5
2016-11-12 CVE-2016-9294 NULL Pointer Dereference vulnerability in Artifex Mujs
Artifex Software, Inc.
network
low complexity
artifex CWE-476
7.5
2016-11-11 CVE-2016-9288 SQL Injection vulnerability in Exponentcms Exponent CMS
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection.
network
low complexity
exponentcms CWE-89
critical
9.8
2016-11-11 CVE-2016-9286 Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI.
network
low complexity
exponentcms CWE-200
5.3
2016-11-11 CVE-2016-9285 Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue.
network
low complexity
exponentcms CWE-200
5.3
2016-11-11 CVE-2016-9284 Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
network
low complexity
exponentcms CWE-200
5.3
2016-11-11 CVE-2016-9283 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
network
low complexity
exponentcms CWE-89
7.5
2016-11-11 CVE-2016-9282 SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
network
low complexity
exponentcms CWE-89
7.5
2016-11-11 CVE-2016-9277 Integer Overflow or Wraparound vulnerability in Samsung Mobile 4.4/5.0/5.1
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.
network
low complexity
samsung CWE-190
7.5