Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-13 CVE-2016-6547 Information Exposure vulnerability in Nutspace NUT Mobile
The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.
local
low complexity
nutspace CWE-200
7.8
2018-07-13 CVE-2016-6546 Information Exposure vulnerability in Kkmcn Itrackeasy
The iTrack Easy mobile application stores the account password used to authenticate to the cloud API base64-encoded in the cache.db file.
local
low complexity
kkmcn CWE-200
7.8
2018-07-13 CVE-2016-6544 Improper Authentication vulnerability in Ieasytec Itrack Easy
getgps data in iTrack Easy can be modified without authentication by setting the data using the parameter cmd:setothergps.
network
low complexity
ieasytec CWE-287
7.5
2018-07-13 CVE-2018-1000211 Incorrect Permission Assignment for Critical Resource vulnerability in Doorkeeper Project Doorkeeper
Doorkeeper version 4.2.0 and later contains an Incorrect Access Control vulnerability in the token revocation API's authorized method; as a result, access tokens are not revoked for public OAuth apps, leaking access until expiry.
network
low complexity
doorkeeper-project CWE-732
7.5
2018-07-13 CVE-2018-1000210 Authorization Bypass Through User-Controlled Key vulnerability in Yamldotnet Project Yamldotnet
YamlDotNet version 4.3.2 and earlier contains an Insecure Direct Object Reference vulnerability: the default behavior of Deserializer.Deserialize() deserializes user-controlled types in the line "currentType = Type.GetType(nodeEvent.Tag.Substring(1), throwOnError: false);" and blindly instantiates them.
local
low complexity
yamldotnet-project CWE-639
7.8
2018-07-13 CVE-2018-1000209 Incorrect Permission Assignment for Critical Resource vulnerability in Sensu Core
Sensu, Inc.
network
low complexity
sensu CWE-732
8.8
2018-07-13 CVE-2018-1000208 Path Traversal vulnerability in Modx Revolution
MODX Revolution version <=2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in files being removed.
network
low complexity
modx CWE-22
7.5
2018-07-13 CVE-2018-1000207 Incorrect Permission Assignment for Critical Resource vulnerability in Modx Revolution
MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in the filtering of user parameters before they are passed into the phpthumb class, which can result in the creation of a file with a custom filename and content.
network
low complexity
modx CWE-732
7.2
2018-07-13 CVE-2018-1000206 Cross-Site Request Forgery (CSRF) vulnerability in Jfrog Artifactory
JFrog Artifactory versions since 5.11 contain a Cross-Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack, allowing an attacker to perform actions as the logged-in user.
network
low complexity
jfrog CWE-352
8.8
2018-07-13 CVE-2018-7535 Incorrect Default Permissions vulnerability in Totalav 4.1.7/4.6.19
An issue was discovered in TotalAV v4.1.7.
local
low complexity
totalav CWE-276
7.8