|
264561
|
7.5 |
HIGH
Network
|
7-zip
|
p7zip
|
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-9296
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264562
|
7.5 |
HIGH
Network
|
artifex
|
mujs
|
Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed label…
|
CWE-476
NULL Pointer Dereference
|
CVE-2016-9294
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264563
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration whic…
|
CWE-89
SQL Injection
|
CVE-2016-9288
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264564
|
5.3 |
MEDIUM
Network
|
exponentcms
|
exponent_cms
|
framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as d…
|
CWE-200
Information Exposure
|
CVE-2016-9286
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264565
|
5.3 |
MEDIUM
Network
|
exponentcms
|
exponent_cms
|
framework/modules/addressbook/controllers/addressController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via a modified id number, as demonstrated by address/edit/id/1,…
|
CWE-200
Information Exposure
|
CVE-2016-9285
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264566
|
5.3 |
MEDIUM
Network
|
exponentcms
|
exponent_cms
|
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
|
CWE-200
Information Exposure
|
CVE-2016-9284
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264567
|
7.5 |
HIGH
Network
|
exponentcms
|
exponent_cms
|
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related …
|
CWE-89
SQL Injection
|
CVE-2016-9283
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264568
|
7.5 |
HIGH
Network
|
exponentcms
|
exponent_cms
|
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_…
|
CWE-89
SQL Injection
|
CVE-2016-9282
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264569
|
7.5 |
HIGH
Network
|
samsung
|
samsung_mobile
|
Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an o…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-9277
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264570
|
7.8 |
HIGH
Local
|
git_for_windows_project
|
git_for_windows
|
Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected.
|
CWE-426
Untrusted Search Path
|
CVE-2016-9274
|
2024-11-21 12:00 |
2016-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
