Vulnerabilities > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-06 | CVE-2015-1000011 | SQL Injection vulnerability in Dukapress Project Dukapress 2.5.9 Blind SQL Injection in wordpress plugin dukapress v2.5.9 | 9.8 |
| 2016-10-06 | CVE-2015-1000009 | Improper Access Control vulnerability in Google-Adsense-And-Hotel-Booking Project Google-Adsense-And-Hotel-Booking 1.05 Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | 9.1 |
| 2016-10-06 | CVE-2015-1000003 | SQL Injection vulnerability in Filedownload Project Filedownload 1.4 Blind SQL Injection in filedownload v1.4 wordpress plugin | 9.8 |
| 2016-10-06 | CVE-2015-1000001 | Unrestricted Upload of File with Dangerous Type vulnerability in Fast-Image-Adder Project Fast-Image-Adder 1.1 Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | 9.8 |
| 2016-10-06 | CVE-2015-1000000 | Unrestricted Upload of File with Dangerous Type vulnerability in Mailcwp Project Mailcwp 1.99 Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | 9.8 |
| 2016-10-06 | CVE-2016-1453 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Nx-Os Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. | 9.8 |
| 2016-10-05 | CVE-2016-7560 | Use of Hard-coded Credentials vulnerability in Fortinet Fortiwlc The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. | 9.8 |
| 2016-10-05 | CVE-2016-7435 | Permissions, Privileges, and Access Controls vulnerability in SAP Netweaver 7.40 The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | 9.1 |
| 2016-10-05 | CVE-2016-7161 | Out-of-bounds Write vulnerability in multiple products Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet. | 9.8 |
| 2016-10-05 | CVE-2016-5745 | Improper Access Control vulnerability in F5 Big-Ip Local Traffic Manager F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. | 9.8 |