Vulnerabilities > High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-09-17	CVE-2018-17143	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. network low complexity golang fedoraproject CWE-119	7.5
2018-09-17	CVE-2018-17142	NULL Pointer Dereference vulnerability in multiple products The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. network low complexity golang fedoraproject CWE-476	7.5
2018-09-17	CVE-2018-11781	Code Injection vulnerability in multiple products Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax. local low complexity apache redhat debian canonical CWE-94	7.8
2018-09-17	CVE-2018-17139	Unrestricted Upload of File with Dangerous Type vulnerability in Ultimatefosters Ultimatepos 2.5 UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. network low complexity ultimatefosters CWE-434	8.8
2018-09-17	CVE-2018-17134	Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. network low complexity phpmywind CWE-94	7.2
2018-09-17	CVE-2018-17133	Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. network low complexity phpmywind CWE-94	7.2
2018-09-17	CVE-2018-17132	Code Injection vulnerability in PHPmywind 5.5 admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. network low complexity phpmywind CWE-94	7.2
2018-09-17	CVE-2018-17131	Code Injection vulnerability in PHPmywind 5.5 admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. network low complexity phpmywind CWE-94	7.2
2018-09-17	CVE-2018-17127	NULL Pointer Dereference vulnerability in Asus Gt-Ac5300 Firmware 3.0.0.4.384.21140/3.0.0.4.384.32738 blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter. network low complexity asus CWE-476	7.5
2018-09-17	CVE-2018-17125	Path Traversal vulnerability in Chshcms Cscms 4.1 CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php. network low complexity chshcms CWE-22	7.5

Vulnerabilities > High {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"High"}]}

Vulnerabilities > High