Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-16 | CVE-2018-12256 | Unrestricted Upload of File with Dangerous Type vulnerability in Litecart admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request. | 8.8 |
| 2018-08-15 | CVE-2017-13108 | Use of Hard-coded Credentials vulnerability in Psafe Dfndr Security 5.0.9 DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. | 7.5 |
| 2018-08-15 | CVE-2017-13107 | Use of Hard-coded Credentials vulnerability in Liveme 3.7.20 Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. | 7.5 |
| 2018-08-15 | CVE-2017-13106 | Use of Hard-coded Credentials vulnerability in Cmcm CM Launcher 3D 5.0.3 Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. | 7.5 |
| 2018-08-15 | CVE-2017-13104 | Use of Hard-coded Credentials vulnerability in Uber Ubereats 1.108.10001 Uber Technologies, Inc. | 7.5 |
| 2018-08-15 | CVE-2017-13102 | Use of Hard-coded Credentials vulnerability in Gameloft Asphalt Xtreme 1.6.0 Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. | 7.5 |
| 2018-08-15 | CVE-2017-13101 | Use of Hard-coded Credentials vulnerability in Tiktok Musical.Ly 6.1.6 Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. | 7.5 |
| 2018-08-15 | CVE-2017-13100 | Use of Hard-coded Credentials vulnerability in Distinctdev the Moron Test 6.3.1 DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. | 7.5 |
| 2018-08-15 | CVE-2018-0427 | OS Command Injection vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module Dnac1.1 A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. | 8.8 |
| 2018-08-15 | CVE-2018-0419 | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. | 7.5 |