Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-29 | CVE-2013-7432 | Permissions, Privileges, and Access Controls vulnerability in Mapsplugin Googlemaps 3.0. The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | 7.5 |
2017-08-29 | CVE-2013-7426 | Unrestricted Upload of File with Dangerous Type vulnerability in Kamailio 4.0.11. Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1. | 7.5 |
2017-08-29 | CVE-2017-12865 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable. | 7.5 |
2017-08-29 | CVE-2017-12875 | Allocation of Resources Without Limits or Throttling vulnerability in Imagemagick 7.0.66. The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. | 7.1 |
2017-08-29 | CVE-2017-11455 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allows remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | 8.8 |
2017-08-29 | CVE-2015-8299 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in KNX ETS 4.1.5. Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. | 7.5 |
2017-08-29 | CVE-2015-7517 | SQL Injection vulnerability in Labwebdesigns Double Opt-In FOR Download. Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. | 7.5 |
2017-08-29 | CVE-2017-13752 | Reachable Assertion vulnerability in multiple products. There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 7.5 |
2017-08-29 | CVE-2017-13751 | Reachable Assertion vulnerability in multiple products. There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack. | 7.5 |
2017-08-29 | CVE-2017-13750 | Reachable Assertion vulnerability in multiple products. There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack. | 7.5 |