Vulnerabilities > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2016-11-04 | CVE-2016-8869 | Improper Input Validation vulnerability in Joomla Joomla! | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. | network, low complexity, joomla, CWE-20 | critical 9.8 |
| 2016-11-04 | CVE-2016-9176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Rumba 7.4.0/9.4/9.4.0 | Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code. | network, low complexity, microfocus, CWE-119 | critical 9.8 |
| 2016-11-03 | CVE-2016-6452 | Improper Authentication vulnerability in Cisco Prime Home 5.0Base/5.1Base/5.2.0 | A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. | network, low complexity, cisco, CWE-287 | critical 9.8 |
| 2016-11-03 | CVE-2016-6448 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Meeting Server | A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | network, low complexity, cisco, CWE-119 | critical 9.8 |
| 2016-11-03 | CVE-2016-6447 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Meeting APP and Meeting Server | A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | network, low complexity, cisco, CWE-119 | critical 9.8 |
| 2016-11-03 | CVE-2016-6441 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IOS XE | A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. | network, low complexity, cisco, CWE-119 | critical 9.8 |
| 2016-11-03 | CVE-2016-7453 | SQL Injection vulnerability in Exponentcms Exponent CMS | The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | network, low complexity, exponentcms, CWE-89 | critical 9.8 |
| 2016-11-03 | CVE-2016-7402 | Permissions, Privileges, and Access Controls vulnerability in Sybase Adaptive Server Enterprise | SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. | network, low complexity, sybase, CWE-264 | critical 9.8 |
| 2016-11-03 | CVE-2016-7095 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS | Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | network, low complexity, exponentcms, CWE-434 | critical 9.8 |
| 2016-11-03 | CVE-2015-8969 | Command Injection vulnerability in Squareup Git-Fastclone 1.0.0/1.0.1 | git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. | network, low complexity, squareup, CWE-77 | critical 9.8 |