Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-12-19 | CVE-2017-16949 | Unrestricted Upload of File with Dangerous Type vulnerability in Accesspressthemes Anonymous Post PRO | An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. | 9.8 |
2017-12-19 | CVE-2017-15877 | Incorrect Permission Assignment for Critical Resource vulnerability in Sistemagpweb Gpweb 8.4.61 | Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database. | 9.8 |
2017-12-19 | CVE-2017-15875 | SQL Injection vulnerability in Sistemagpweb Gpweb 8.4.61 | SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | 9.8 |
2017-12-19 | CVE-2017-15524 | Unspecified vulnerability in Kemptechnologies web Application Firewall | The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. | 9.1 |
2017-12-18 | CVE-2017-17721 | SQL Injection vulnerability in Zuuse Beims Contractorweb .Net 5.18.0.0 | CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | 9.8 |
2017-12-18 | CVE-2017-17651 | SQL Injection vulnerability in Paid to Read Script Project Paid to Read Script 2.0.5 | Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | 9.8 |
2017-12-18 | CVE-2017-17645 | SQL Injection vulnerability in PHPautoclassifiedscript BUS Booking Script 1.0 | Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | 9.8 |
2017-12-18 | CVE-2017-17643 | SQL Injection vulnerability in Lynda Clone Project Lynda Clone 1.0 | FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | 9.8 |
2017-12-18 | CVE-2017-17739 | Path Traversal vulnerability in Brightsign 4K242 Firmware 6.2.63 | The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files. | 9.8 |
2017-12-18 | CVE-2017-17735 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple | CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in cookies. | 9.8 |