Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-14 | CVE-2016-8902 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 9.8 |
| 2016-11-12 | CVE-2016-9296 | NULL Pointer Dereference vulnerability in 7-Zip P7Zip 16.02 A null pointer dereference bug affects the 16.02 and many old versions of p7zip. | 7.5 |
| 2016-11-12 | CVE-2016-9294 | NULL Pointer Dereference vulnerability in Artifex Mujs Artifex Software, Inc. | 7.5 |
| 2016-11-11 | CVE-2016-9288 | SQL Injection vulnerability in Exponentcms Exponent CMS In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. | 9.8 |
| 2016-11-11 | CVE-2016-9286 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI. | 5.3 |
| 2016-11-11 | CVE-2016-9285 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1, related to an "addresses, countries, and regions" issue. | 5.3 |
| 2016-11-11 | CVE-2016-9284 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string. | 5.3 |
| 2016-11-11 | CVE-2016-9283 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | 7.5 |
| 2016-11-11 | CVE-2016-9282 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | 7.5 |
| 2016-11-11 | CVE-2016-9277 | Integer Overflow or Wraparound vulnerability in Samsung Mobile 4.4/5.0/5.1 Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. | 7.5 |