Vulnerabilities > High

Columns: DATE, CVE, VULNERABILITY TITLE, RISK (CVSS score). Each entry is followed by its description and, where listed, attack vector, attack complexity, affected vendor(s) and CWE.

2018-07-24  CVE-2018-14583  Cross-Site Request Forgery (CSRF) vulnerability in Xyhcms 3.5  [Risk: 8.8]
    xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.
    Attack vector: network | Complexity: low | Vendor: xyhcms | CWE-352

2018-07-24  CVE-2018-14582  Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3  [Risk: 8.8]
    index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
    Attack vector: network | Complexity: low | Vendor: bagesoft | CWE-352

2018-07-24  CVE-2018-5387  Improper Verification of Cryptographic Signature vulnerability in Wizkunde Samlbase  [Risk: 7.5]
    Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to SAML service providers.
    Attack vector: network | Complexity: low | Vendor: wizkunde | CWE-347

2018-07-24  CVE-2018-5386  Information Exposure vulnerability in Navarino Infinity 2.2  [Risk: 7.5]
    Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism, leading to an information leak.
    Attack vector: network | Complexity: low | Vendor: navarino | CWE-200

2018-07-24  CVE-2018-5385  Session Fixation vulnerability in Navarino Infinity 2.2  [Risk: 8.8]
    Navarino Infinity is prone to session fixation attacks.
    Attack vector: network | Complexity: low | Vendor: navarino | CWE-384

2018-07-24  CVE-2017-3224  Insufficient Verification of Data Authenticity vulnerability in multiple products  [Risk: 8.2]
    Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber.
    Complexity: high | Vendors: quagga, suse, redhat | CWE-345

2018-07-24  CVE-2017-3217  Missing Authentication for Critical Function vulnerability in Calamp products  [Risk: 8.1]
    CalAmp LMU 3030 series OBD-II CDMA and GSM devices have an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller.
    Attack vector: network | Complexity: high | Vendor: calamp | CWE-306

2018-07-24  CVE-2017-3210  Configuration vulnerability in multiple products  [Risk: 7.8]
    Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution.
    Attack vector: local | Complexity: low | Vendors: portrait, fujitsu, hp, philips | CWE-16

2018-07-24  CVE-2017-3209  Incorrect Default Permissions vulnerability in Dbpower U818A Firmware  [Risk: 8.1]
    The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user.
    Complexity: low | Vendor: dbpower | CWE-276

2018-07-24  CVE-2017-3189  Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms  [Risk: 8.1]
    The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload.
    Attack vector: network | Complexity: high | Vendor: dotcms | CWE-434