Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-2242 | Code Injection vulnerability in Exponentcms Exponent CMS: Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | 9.8 |
2017-01-23 | CVE-2016-1925 | Integer Underflow (Wrap or Wraparound) vulnerability in LHA for Unix Project LHA for Unix: Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow. | 9.8 |
2017-01-23 | CVE-2015-8972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Chess: Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | 9.8 |
2017-01-23 | CVE-2015-8857 | 7PK - Security Features vulnerability in Uglifyjs Project Uglifyjs: The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. | 9.8 |
2017-01-23 | CVE-2014-8362 | Improper Access Control vulnerability in Vivint SKY Control Panel Firmware 1.1.1.9926: Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface. | 9.8 |
2017-01-23 | CVE-2017-5569 | SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0: An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. | 9.8 |
2017-01-23 | CVE-2017-5575 | SQL Injection vulnerability in Metalgenix Genixcms: SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | 9.8 |
2017-01-23 | CVE-2017-5574 | SQL Injection vulnerability in Metalgenix Genixcms: SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | 9.8 |
2017-01-23 | CVE-2017-5539 | Path Traversal vulnerability in B2Evolution 6.8.4: The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. | 9.1 |
2017-01-23 | CVE-2016-10157 | Code Injection vulnerability in Akamai Netsession 1.9.3.1: Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. | 9.8 |