Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-10-06 | CVE-2015-1000000 | Unrestricted Upload of File with Dangerous Type vulnerability in Mailcwp Project Mailcwp 1.99: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | 9.8 |
2016-10-06 | CVE-2016-1453 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os: Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. | 9.8 |
2016-10-05 | CVE-2016-7560 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc: The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | 9.8 |
2016-10-05 | CVE-2016-7435 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver 7.40: The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | 9.1 |
2016-10-05 | CVE-2016-7161 | Out-of-bounds Write vulnerability in multiple products: Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | 9.8 |
2016-10-05 | CVE-2016-5745 | Improper Access Control vulnerability in F5 Big-Ip Local Traffic Manager: F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. | 9.8 |
2016-10-05 | CVE-2016-5686 | Improper Authentication vulnerability in Animas Onetouch Ping Firmware: Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | 9.8 |
2016-10-05 | CVE-2016-5086 | Improper Authentication vulnerability in Animas Onetouch Ping Firmware: Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | 9.8 |
2016-10-05 | CVE-2014-5415 | Permissions, Privileges, and Access Controls vulnerability in Beckhoff Embedded PC Images and Twincat: Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | 9.1 |
2016-10-05 | CVE-2014-5414 | 7PK - Security Features vulnerability in Beckhoff Embedded PC Images and Twincat: Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | 9.1 |