Vulnerabilities > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-06-08 | CVE-2018-12045 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 | DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file. | network | low | dedecms | CWE-434 | 7.5 |
| 2018-06-08 | CVE-2018-11229 | OS Command Injection vulnerability in Crestron Toolbox Protocol Firmware | Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). | network | low | crestron | CWE-78 | 7.5 |
| 2018-06-07 | CVE-2018-3758 | Unrestricted Upload of File with Dangerous Type vulnerability in Express-Cart Project Express-Cart | Unrestricted file upload (RCE) in express-cart module before 1.1.7 allows a privileged user to gain access in the hosting machine. | network | low | express-cart-project | CWE-434 | 8.8 |
| 2018-06-07 | CVE-2018-0352 | Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Wide Area Application Services 6.2(3) | A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. | local | low | cisco | CWE-732 | 7.2 |
| 2018-06-07 | CVE-2011-0467 | SQL Injection vulnerability in Suse Studio Onsite and Studio Onsite Appliance | A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. | network | low | suse | CWE-89 | 8.8 |
| 2018-06-07 | CVE-2018-12039 | SQL Injection vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0 | joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary SQL command execution issue in manager/index.php involving use of a "/!select/" substring in place of a select substring. | network | low | joyplus-cms-project | CWE-89 | 7.5 |
| 2018-06-07 | CVE-2017-6294 | Out-of-bounds Write vulnerability in Google Android | In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 TZ contains a possible out of bounds write due to missing bounds check which could lead to escalation of privilege from the kernel to the TZ. | local | low | google | CWE-787 | 7.2 |
| 2018-06-07 | CVE-2017-6292 | Out-of-bounds Write vulnerability in Google Android | In Android before the 2018-06-05 security patch level, NVIDIA TLZ TrustZone contains a possible out of bounds write due to integer overflow which could lead to local escalation of privilege in the TrustZone with no additional execution privileges needed. | local | low | google | CWE-787 | 7.2 |
| 2018-06-07 | CVE-2017-6290 | Integer Overflow or Wraparound vulnerability in Google Android | In Android before the 2018-06-05 security patch level, NVIDIA TLK TrustZone contains a possible out of bounds write due to an integer overflow which could lead to local escalation of privilege with no additional execution privileges needed. | local | low | google | CWE-190 | 7.2 |
| 2018-06-07 | CVE-2018-12031 | Path Traversal vulnerability in Eaton Intelligent Power Manager 1.6 | Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | network | low | eaton | CWE-22 | 7.5 |