Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-02 | CVE-2017-1000444 | SQL Injection vulnerability in Openhacker Project Openhacker 0.1.47 | Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component, resulting in information disclosure and remote code execution. | 9.8 |
2018-01-01 | CVE-2018-3813 | Information Exposure vulnerability in Flir products | getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. | 9.8 |
2018-01-01 | CVE-2018-3811 | SQL Injection vulnerability in Oturia Smart Google Code Inserter | SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. | 9.8 |
2018-01-01 | CVE-2018-3810 | Improper Authentication vulnerability in Oturia Smart Google Code Inserter | Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. | 9.8 |
2017-12-31 | CVE-2017-18001 | Missing Authentication for Critical Function vulnerability in Trustwave Secure Web Gateway 11.8.0.27 | Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI. | 9.8 |
2017-12-30 | CVE-2017-17992 | Path Traversal vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 | Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action. | 9.8 |
2017-12-29 | CVE-2014-9515 | Deserialization of Untrusted Data vulnerability in Dozer Project Dozer | Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object. | 9.8 |
2017-12-29 | CVE-2014-3630 | XXE vulnerability in multiple products | XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data. | 9.8 |
2017-12-29 | CVE-2014-0121 | Improper Authentication vulnerability in multiple products | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | 9.8 |
2017-12-29 | CVE-2017-17974 | Unspecified vulnerability in Basystems Bas920 Firmware and Isc2000 Firmware | BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtaining administrative access by subsequently using the credential information for the Supervisor/Administrator account. | 9.8 |