Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-13 | CVE-2016-6578 | Cross-Site Request Forgery (CSRF) vulnerability in Filecloud: CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. | 8.8 |
2018-07-13 | CVE-2016-6565 | Improper Input Validation vulnerability in Imagely Nextgen Gallery: The Imagely NextGen Gallery plugin for WordPress prior to version 2.1.57 does not properly validate user input in the cssfile parameter of an HTTP POST request, which may allow an authenticated user to read arbitrary files from the server, or execute arbitrary code on the server in some circumstances (dependent on server configuration). | 7.5 |
2018-07-13 | CVE-2016-6564 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Android devices with code from Ragentek contain a privileged binary that performs over-the-air (OTA) update checks. | 8.1 |
2018-07-13 | CVE-2016-6562 | Improper Certificate Validation vulnerability in Mitel Shortel Mobility Client 9.1.3.109: On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials. | 7.5 |
2018-07-13 | CVE-2016-6557 | Cross-Site Request Forgery (CSRF) vulnerability in Asus products: In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. | 8.8 |
2018-07-13 | CVE-2016-6547 | Information Exposure vulnerability in Nutspace NUT Mobile: The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. | 7.8 |
2018-07-13 | CVE-2016-6546 | Information Exposure vulnerability in Kkmcn Itrackeasy: The iTrack Easy mobile application stores the account password used to authenticate to the cloud API base64-encoded in the cache.db file. | 7.8 |
2018-07-13 | CVE-2016-6544 | Improper Authentication vulnerability in Ieasytec Itrack Easy: getgps data in iTrack Easy can be modified without authentication by setting the data using the parameter cmd:setothergps. | 7.5 |
2018-07-13 | CVE-2018-1000211 | Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper: Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the Token revocation API's authorized method that can result in access tokens not being revoked for public OAuth apps, leaking access until expiry. | 7.5 |
2018-07-13 | CVE-2018-1000210 | Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet: YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() will deserialize user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiate them. | 7.8 |