Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-09 | CVE-2017-1670 | SQL Injection vulnerability in IBM Security KEY Lifecycle Manager | IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. | 9.8 |
2018-01-09 | CVE-2018-5211 | SQL Injection vulnerability in PHPsugar PHP Melody 2.7.1 | PHP Melody version 2.7.1 suffers from a time-based SQL injection attack on the page ajax.php with the parameter playlist. | 9.8 |
2018-01-09 | CVE-2017-18025 | OS Command Injection vulnerability in Innotube Itguard Manager 0.0.0.1 | cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter. | 9.8 |
2018-01-08 | CVE-2017-7997 | SQL Injection vulnerability in Gespage | Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp. | 9.8 |
2018-01-08 | CVE-2017-15883 | Improper Authentication vulnerability in Progress Sitefinity | Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | 9.8 |
2018-01-08 | CVE-2015-2320 | Improper Certificate Validation vulnerability in multiple products | The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | 9.8 |
2018-01-08 | CVE-2014-5334 | 7PK - Security Features vulnerability in Freenas | FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. | 9.8 |
2018-01-08 | CVE-2014-5071 | SQL Injection vulnerability in Microsemi S350I Firmware 2.70.15 | SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. | 9.8 |
2018-01-08 | CVE-2014-4972 | Unrestricted Upload of File with Dangerous Type vulnerability in Ajax Upload for Gravity Forms Project Ajax Upload for Gravity Forms 1.0/1.1 | Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms. | 9.8 |
2018-01-08 | CVE-2017-5971 | SQL Injection vulnerability in Newsbee Project Newsbee | SQL injection vulnerability in NewsBee CMS allows remote attackers to execute arbitrary SQL commands. | 9.8 |