Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-16 | CVE-2018-10737 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter. | 7.2 |
2018-05-16 | CVE-2018-10736 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter. | 7.2 |
2018-05-16 | CVE-2018-10735 | SQL Injection vulnerability in Nagios XI A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. | 7.2 |
2018-05-16 | CVE-2018-10123 | Unspecified vulnerability in Intenogroup Iopsys Firmware 2.0/4.2.0 p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100. | 8.8 |
2018-05-15 | CVE-2018-8841 | Improper Privilege Management vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user. | 7.8 |
2018-05-15 | CVE-2018-7503 | Path Traversal vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target. | 7.5 |
2018-05-15 | CVE-2018-7501 | SQL Injection vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host. | 7.5 |
2018-05-15 | CVE-2018-7495 | Path Traversal vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files. | 7.5 |
2018-05-15 | CVE-2018-10590 | File and Directory Information Exposure vulnerability in Advantech products In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible. | 7.5 |
2018-05-15 | CVE-2018-1262 | Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. | 7.2 |