Critical vulnerabilities
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK (CVSS SCORE) |
---|---|---|---|
2018-01-02 | CVE-2017-1000430 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rust-Base64 Project Rust-Base64: rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow caused by miscalculating the size of the buffer to use when encoding base64 with the 'encode_config_buf' and 'encode_config' functions. | 9.8 |
2018-01-02 | CVE-2017-1000423 | Improper Input Validation vulnerability in B2Evolution: b2evolution versions 6.6.0 - 6.8.10 have an input validation flaw (backslash and single-quote escaping) in the basic install functionality, allowing an unauthenticated attacker to gain PHP code execution on the victim's installation. | 9.8 |
2018-01-02 | CVE-2017-1000421 | Use After Free vulnerability in multiple products: Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function, potentially resulting in code execution. | 9.8 |
2018-01-02 | CVE-2017-1000458 | Out-of-bounds Write vulnerability in Bro: Bro before v2.5.2 is vulnerable to an out-of-bounds write in the ContentLine analyzer, allowing remote attackers to cause a denial of service (crash) and possibly achieve further exploitation. | 9.8 |
2018-01-02 | CVE-2017-1000453 | Injection vulnerability in CMS Made Simple: CMS Made Simple versions 2.1.6 and 2.2 are vulnerable to Smarty template injection in some core modules, resulting in unauthenticated PHP code execution. | 9.8 |
2018-01-02 | CVE-2017-17098 | Code Injection vulnerability in Gps-Server GPS Tracking Software: the writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request. | 9.8 |
2018-01-02 | CVE-2017-17097 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gps-Server GPS Tracking Software: gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets the password upon an unauthenticated request and then e-mails a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting the new password. | 9.8 |
2018-01-02 | CVE-2017-1000444 | SQL Injection vulnerability in Openhacker Project Openhacker 0.1.47: Eleix Openhacker version 0.1.47 is vulnerable to SQL injection in the account registration and login component, resulting in information disclosure and remote code execution. | 9.8 |
2018-01-01 | CVE-2018-3813 | Information Exposure vulnerability in FLIR products: getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request. | 9.8 |
2018-01-01 | CVE-2018-3811 | SQL Injection vulnerability in Oturia Smart Google Code Inserter: the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. | 9.8 |
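The password-reset weakness in the gps-server.net row (CVE-2017-17097) is a pure design flaw, and the two properties that make it critical (the password changes before anyone proves they own the account, and the new value is derivable by the attacker who triggered the reset) are easy to show side by side. The block below is an added illustration written for this page, not the vendor's code: the YYYYMMDD scheme is a hypothetical stand-in for "predictable (date-based)", since the row does not give the real derivation, the account store is constructed, and the hardened flow (token sent out of band, nothing changes until the token holder comes back) is the generic fix rather than anything the vendor shipped.

```python
"""Weak date-based password reset (the pattern in the CVE-2017-17097 row) beside a
token-based reset. Constructed example; account data and the YYYYMMDD scheme are
hypothetical, not taken from the product."""

import hashlib
import hmac
import secrets
from datetime import date, datetime, timedelta
from typing import Optional

TOKEN_TTL = timedelta(minutes=30)

_USERS = {}            # constructed store: username -> (salt, pbkdf2 hash)
_PENDING_RESETS = {}   # hardened flow: sha256(token) -> (username, expiry)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def set_password(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    _USERS[username] = (salt, _hash_password(password, salt))


def login(username: str, password: str) -> bool:
    entry = _USERS.get(username)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(stored, _hash_password(password, salt))


# --- Weak flow: the pattern the table row describes ---------------------------

def weak_reset_password(username: str, today: date) -> str:
    """Any unauthenticated request resets the password immediately, and the new
    value is a function of the date alone (hypothetical YYYYMMDD scheme).
    Returns the password that would be e-mailed to the admin."""
    new_password = today.strftime("%Y%m%d")
    set_password(username, new_password)
    return new_password


def attacker_guess(today: date) -> str:
    """The attacker chose when to trigger the reset, so they know the date and can
    reproduce the mailed password without ever seeing the e-mail."""
    return today.strftime("%Y%m%d")


# --- Hardened flow: prove control of the mailbox before anything changes -------

def request_reset(username: str, now: datetime) -> Optional[str]:
    """Step 1: change nothing. Mint an unguessable, expiring, single-use token and
    hand it back (in a real system it goes only into the e-mail link). Only the
    token's hash is stored, so a leaked table does not yield usable tokens."""
    if username not in _USERS:
        return None  # the HTTP response should still look identical, to avoid user enumeration
    token = secrets.token_urlsafe(32)
    _PENDING_RESETS[hashlib.sha256(token.encode()).hexdigest()] = (username, now + TOKEN_TTL)
    return token


def complete_reset(token: str, new_password: str, now: datetime) -> bool:
    """Step 2: only the holder of the mailed token can set a password, once,
    and only before the token expires."""
    entry = _PENDING_RESETS.pop(hashlib.sha256(token.encode()).hexdigest(), None)  # pop: single use
    if entry is None:
        return False
    username, expiry = entry
    if now > expiry:
        return False
    set_password(username, new_password)
    return True


def demo() -> dict:
    """Runs both flows against the constructed 'admin' account and returns the outcomes."""
    set_password("admin", "original-secret")
    d = date(2018, 1, 2)                       # the date on the table row
    mailed = weak_reset_password("admin", d)
    now = datetime(2018, 1, 2, 12, 0)
    tok = request_reset("admin", now)
    return {
        "weak_mailed_password": mailed,
        "weak_attacker_guess_matches": attacker_guess(d) == mailed,
        "weak_attacker_can_login": login("admin", attacker_guess(d)),
        "hardened_request_keeps_old_password": login("admin", mailed),
        "hardened_unknown_user": request_reset("nobody", now),
        "hardened_wrong_token": complete_reset("not-the-token", "x", now),
        "hardened_right_token": complete_reset(tok, "new-secret", now),
        "hardened_token_reuse": complete_reset(tok, "again", now),
        "hardened_expired_token": complete_reset(
            request_reset("admin", now), "late", now + TOKEN_TTL + timedelta(seconds=1)),
        "final_login_new_secret": login("admin", "new-secret"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The weak flow also lets an unauthenticated stranger lock the legitimate admin out on demand, which is why a reset must never alter credentials until the second step; the token must be random (not date, user ID or timestamp derived), time-limited and consumed on first use, and the password hash should be a slow KDF as shown rather than a bare digest.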