Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-28 | CVE-2017-2142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata Wn-G300R3 Firmware 1.01/1.03 Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | 9.8 |
| 2017-04-28 | CVE-2017-2141 | OS Command Injection vulnerability in Iodata Wn-G300R3 Firmware 1.01/1.03 WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. | 7.2 |
| 2017-04-28 | CVE-2017-2140 | Injection vulnerability in Gaku Tablacus Explorer 17.3.30 Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | 8.8 |
| 2017-04-28 | CVE-2017-2139 | Forced Browsing vulnerability in Frogman Office INC Cs-Cart 4.3.10 CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php. | 5.3 |
| 2017-04-28 | CVE-2017-2137 | Unspecified vulnerability in Netgear Prosafe Plus Configuration Utility 2.3.28 ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | 3.7 |
| 2017-04-28 | CVE-2017-2136 | Cross-site Scripting vulnerability in WP Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | 6.1 |
| 2017-04-28 | CVE-2017-2135 | Cross-site Scripting vulnerability in Wp-Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-28 | CVE-2017-2134 | Cross-site Scripting vulnerability in Uchida Assetbase 8.0 Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-28 | CVE-2017-2130 | Untrusted Search Path vulnerability in Securebrain Phishwall Client 3.7.13/3.7.8.1 Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. | 7.8 |
| 2017-04-28 | CVE-2017-2128 | OS Command Injection vulnerability in Information-Technology Promotion Agency Introduction to Safe Website Operation Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data. | 8.8 |