Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-16 CVE-2018-10737 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/logbook.php txtSearch parameter.
network
low complexity
nagios CWE-89
7.2
2018-05-16 CVE-2018-10736 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/info.php key1 parameter.
network
low complexity
nagios CWE-89
7.2
2018-05-16 CVE-2018-10735 SQL Injection vulnerability in Nagios XI
A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter.
network
low complexity
nagios CWE-89
7.2
2018-05-16 CVE-2018-10123 Unspecified vulnerability in Intenogroup Iopsys Firmware 2.0/4.2.0
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
network
low complexity
intenogroup
8.8
2018-05-15 CVE-2018-8841 Improper Privilege Management vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an improper privilege management vulnerability may allow an authenticated user to modify files when read access should only be given to the user.
local
low complexity
advantech CWE-269
7.8
2018-05-15 CVE-2018-7503 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to disclose sensitive information on the target.
network
low complexity
advantech CWE-22
7.5
2018-05-15 CVE-2018-7501 SQL Injection vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several SQL injection vulnerabilities have been identified, which may allow an attacker to disclose sensitive information from the host.
network
low complexity
advantech CWE-89
7.5
2018-05-15 CVE-2018-7495 Path Traversal vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an external control of file name or path vulnerability has been identified, which may allow an attacker to delete files.
network
low complexity
advantech CWE-22
7.5
2018-05-15 CVE-2018-10590 File and Directory Information Exposure vulnerability in Advantech products
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible.
network
low complexity
advantech CWE-538
7.5
2018-05-15 CVE-2018-1262 Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation.
network
low complexity
pivotal-software cloudfoundry
7.2