|
265631
|
7.8 |
HIGH
Local
|
paloaltonetworks
|
pan-os
|
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2016-9151
|
2024-11-21 12:00 |
2016-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265632
|
9.8 |
CRITICAL
Network
|
paloaltonetworks
|
pan-os
|
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-9150
|
2024-11-21 12:00 |
2016-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265633
|
6.5 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single qu…
|
CWE-19
Data Processing Errors
|
CVE-2016-9149
|
2024-11-21 12:00 |
2016-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265634
|
5.5 |
MEDIUM
Local
|
xmlsoft
canonical
|
libxml2
ubuntu_linux
|
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, …
|
CWE-611
XXE
|
CVE-2016-9318
|
2024-11-21 12:00 |
2016-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265635
|
9.8 |
CRITICAL
Network
|
exponentcms
|
exponent_cms
|
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search m…
|
CWE-89
SQL Injection
|
CVE-2016-9287
|
2024-11-21 12:00 |
2016-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265636
|
8.8 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
CWE-89
SQL Injection
|
CVE-2016-8908
|
2024-11-21 12:00 |
2016-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265637
|
8.8 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
CWE-89
SQL Injection
|
CVE-2016-8907
|
2024-11-21 12:00 |
2016-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265638
|
8.8 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
CWE-89
SQL Injection
|
CVE-2016-8906
|
2024-11-21 12:00 |
2016-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265639
|
8.8 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter.
|
CWE-89
SQL Injection
|
CVE-2016-8905
|
2024-11-21 12:00 |
2016-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265640
|
8.8 |
HIGH
Network
|
dotcms
|
dotcms
|
SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
CWE-89
SQL Injection
|
CVE-2016-8904
|
2024-11-21 12:00 |
2016-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
