Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-02 | CVE-2018-10642 | Code Injection vulnerability in Combodo Itop: Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig() that calls the vulnerable function eval(). | 7.2 |
2018-05-01 | CVE-2018-10260 | Improper Input Validation vulnerability in Hrsale Project Hrsale 1.0.2: A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user. | 8.8 |
2018-05-01 | CVE-2018-10258 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Codeslab Shopy Point of Sale 1.0: A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
2018-05-01 | CVE-2018-10257 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Hrsale Project Hrsale 1.0.2: A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
2018-05-01 | CVE-2018-10256 | SQL Injection vulnerability in Hrsale Project Hrsale 1.0.2: A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query. | 8.8 |
2018-05-01 | CVE-2018-10255 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Clustercoding Blog Master PRO 1.0.0: A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution. | 8.8 |
2018-05-01 | CVE-2013-2049 | Session Fixation vulnerability in Redhat Cloudforms Management Engine 2.0: Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | 7.5 |
2018-05-01 | CVE-2013-0185 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Manageiq Enterprise Virtualization Manager: Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | 8.8 |
2018-05-01 | CVE-2013-0159 | Link Following vulnerability in Fedoraproject Fedora 17/18: The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlink attack on /tmp/fedora-business-cards-buffer.svg. | 7.1 |
2018-05-01 | CVE-2018-9336 | Double Free vulnerability in multiple products: openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. | 7.8 |