Vulnerabilities > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2016-10-06 | CVE-2015-1000011 | SQL Injection vulnerability in Dukapress Project Dukapress 2.5.9 | Blind SQL Injection in wordpress plugin dukapress v2.5.9 | network | low | dukapress-project | CWE-89 | critical | 9.8 |
| 2016-10-06 | CVE-2015-1000009 | Improper Access Control vulnerability in Google-Adsense-And-Hotel-Booking Project Google-Adsense-And-Hotel-Booking 1.05 | Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | network | low | google-adsense-and-hotel-booking-project | CWE-284 | critical | 9.1 |
| 2016-10-06 | CVE-2015-1000003 | SQL Injection vulnerability in Filedownload Project Filedownload 1.4 | Blind SQL Injection in filedownload v1.4 wordpress plugin | network | low | filedownload-project | CWE-89 | critical | 9.8 |
| 2016-10-06 | CVE-2015-1000001 | Unrestricted Upload of File with Dangerous Type vulnerability in Fast-Image-Adder Project Fast-Image-Adder 1.1 | Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | network | low | fast-image-adder-project | CWE-434 | critical | 9.8 |
| 2016-10-06 | CVE-2015-1000000 | Unrestricted Upload of File with Dangerous Type vulnerability in Mailcwp Project Mailcwp 1.99 | Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | network | low | mailcwp-project | CWE-434 | critical | 9.8 |
| 2016-10-06 | CVE-2016-1453 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os | Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. | network | low | cisco | CWE-119 | critical | 9.8 |
| 2016-10-05 | CVE-2016-7560 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc | The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | network | low | fortinet | CWE-798 | critical | 9.8 |
| 2016-10-05 | CVE-2016-7435 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver 7.40 | The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | network | low | sap | CWE-264 | critical | 9.1 |
| 2016-10-05 | CVE-2016-7161 | Out-of-bounds Write vulnerability in multiple products | Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | network | low | qemu, debian | CWE-787 | critical | 9.8 |
| 2016-10-05 | CVE-2016-5745 | Improper Access Control vulnerability in F5 Big-Ip Local Traffic Manager | F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. | network | low | f5 | CWE-284 | critical | 9.8 |