|
266251
|
8.1 |
HIGH
Network
|
joomla
|
joomla\!
|
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create …
|
CWE-20
Improper Input Validation
|
CVE-2016-8870
|
2024-11-21 12:00 |
2016-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266252
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
|
CWE-20
Improper Input Validation
|
CVE-2016-8869
|
2024-11-21 12:00 |
2016-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266253
|
7.8 |
HIGH
Local
|
python
debian
|
pillow
debian_linux
|
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in …
|
CWE-284
Improper Access Control
|
CVE-2016-9190
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266254
|
5.5 |
MEDIUM
Local
|
python
debian
|
pillow
debian_linux
|
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-9189
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266255
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9188
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266256
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an ex…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-9187
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266257
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-9186
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266258
|
4.3 |
MEDIUM
Network
|
openstack
|
heat
|
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 …
|
CWE-200
Information Exposure
|
CVE-2016-9185
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266259
|
7.5 |
HIGH
Network
|
exponentcms
|
exponent_cms
|
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table name…
|
CWE-200
CWE-89
Information Exposure
SQL Injection
|
CVE-2016-9184
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266260
|
7.5 |
HIGH
Network
|
exponentcms
|
exponent_cms
|
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses t…
|
CWE-200
Information Exposure
|
CVE-2016-9183
|
2024-11-21 12:00 |
2016-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
