Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-11-04 | CVE-2016-9183 | Information Exposure vulnerability in Exponentcms Exponent CMS 2.4.0 In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. | 7.5 |
2016-11-04 | CVE-2016-9182 | Improper Access Control vulnerability in Exponentcms Exponent CMS 2.4.0 Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. | 7.5 |
2016-11-04 | CVE-2016-9177 | Path Traversal vulnerability in Sparkjava Spark Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. | 7.5 |
2016-11-03 | CVE-2016-6455 | Resource Management Errors vulnerability in Cisco ASR 5000 Software A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sessions to be disconnected, resulting in a partial denial of service (DoS) condition. | 7.5 |
2016-11-03 | CVE-2016-6453 | SQL Injection vulnerability in Cisco Identity Services Engine 1.3(0.876) A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. | 7.3 |
2016-11-03 | CVE-2016-6430 | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Interoperability and Collaboration System A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. | 7.8 |
2016-11-03 | CVE-2016-9136 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mujs Artifex Software, Inc. | 7.5 |
2016-11-03 | CVE-2016-9135 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. | 7.5 |
2016-11-03 | CVE-2016-9134 | SQL Injection vulnerability in Exponentcms Exponent CMS 2.3.9 Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. | 7.5 |
2016-11-03 | CVE-2016-7452 | Unrestricted Upload of File with Dangerous Type vulnerability in Exponentcms Exponent CMS The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | 7.5 |