|
266361
|
8.8 |
HIGH
Network
|
exponentcms
|
exponent_cms
|
Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary S…
|
CWE-89
SQL Injection
|
CVE-2016-9242
|
2024-11-21 12:00 |
2016-11-7 |
|
266362
|
6.8 |
MEDIUM
Physical
|
citrix
|
receiver_desktop
|
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection o…
|
CWE-254 CWE-284
7PK - Security Features Improper Access Control
|
CVE-2016-9111
|
2024-11-21 12:00 |
2016-11-7 |
|
266363
|
6.0 |
MEDIUM
Local
|
qemu debian opensuse redhat
|
qemu debian_linux leap openstack virtualization
|
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveragin…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2016-8910
|
2024-11-21 12:00 |
2016-11-5 |
|
266364
|
6.0 |
MEDIUM
Local
|
qemu debian opensuse redhat
|
qemu debian_linux leap openstack virtualization
|
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry wit…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2016-8909
|
2024-11-21 12:00 |
2016-11-5 |
|
266365
|
8.1 |
HIGH
Network
|
joomla
|
joomla!
|
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create …
|
CWE-20
Improper Input Validation
|
CVE-2016-8870
|
2024-11-21 12:00 |
2016-11-5 |
|
266366
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla!
|
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…
|
CWE-20
Improper Input Validation
|
CVE-2016-8869
|
2024-11-21 12:00 |
2016-11-5 |
|
266367
|
7.8 |
HIGH
Local
|
python debian
|
pillow debian_linux
|
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in …
|
CWE-284
Improper Access Control
|
CVE-2016-9190
|
2024-11-21 12:00 |
2016-11-4 |
|
266368
|
5.5 |
MEDIUM
Local
|
python debian
|
pillow debian_linux
|
Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2016-9189
|
2024-11-21 12:00 |
2016-11-4 |
|
266369
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and …
|
CWE-79
Cross-site Scripting
|
CVE-2016-9188
|
2024-11-21 12:00 |
2016-11-4 |
|
266370
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an ex…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2016-9187
|
2024-11-21 12:00 |
2016-11-4 |
|