Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-14 | CVE-2016-8907 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8906 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8905 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8904 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-14 | CVE-2016-8903 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | 8.8 |
| 2016-11-12 | CVE-2016-9296 | NULL Pointer Dereference vulnerability in 7-Zip P7Zip 16.02 A null pointer dereference bug affects the 16.02 and many old versions of p7zip. | 7.5 |
| 2016-11-12 | CVE-2016-9294 | NULL Pointer Dereference vulnerability in Artifex Mujs Artifex Software, Inc. | 7.5 |
| 2016-11-11 | CVE-2016-9283 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | 7.5 |
| 2016-11-11 | CVE-2016-9282 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | 7.5 |
| 2016-11-11 | CVE-2016-9277 | Integer Overflow or Wraparound vulnerability in Samsung Mobile 4.4/5.0/5.1 Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. | 7.5 |