Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2016-11-08 | CVE-2016-7860 | Incorrect Type Conversion or Cast vulnerability in multiple products | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. | network | low | adobe, redhat | CWE-704 | 8.8 |
| 2016-11-08 | CVE-2016-7859 | Use After Free vulnerability in multiple products | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. | network | low | adobe, redhat | CWE-416 | 8.8 |
| 2016-11-08 | CVE-2016-7858 | Use After Free vulnerability in multiple products | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. | network | low | adobe, redhat | CWE-416 | 8.8 |
| 2016-11-08 | CVE-2016-7857 | Use After Free vulnerability in multiple products | Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. | network | low | adobe, redhat | CWE-416 | 8.8 |
| 2016-11-07 | CVE-2016-9242 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 | Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | network | low | exponentcms | CWE-89 | 8.8 |
| 2016-11-04 | CVE-2016-8870 | Improper Input Validation vulnerability in Joomla Joomla! | The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting. | network | high | joomla | CWE-20 | 8.1 |
| 2016-11-04 | CVE-2016-9190 | Improper Access Control vulnerability in multiple products | Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component. | local | low | python, debian | CWE-284 | 7.8 |
| 2016-11-04 | CVE-2016-9187 | Unrestricted Upload of File with Dangerous Type vulnerability in Moodle | Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | network | low | moodle | CWE-434 | 8.8 |
| 2016-11-04 | CVE-2016-9186 | Unrestricted Upload of File with Dangerous Type vulnerability in Moodle | Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | network | low | moodle | CWE-434 | 8.8 |
| 2016-11-04 | CVE-2016-9184 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.4.0 | In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. | network | low | exponentcms | CWE-89 | 7.5 |