Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-06-29 | CVE-2018-13021 | Unrestricted Upload of File with Dangerous Type vulnerability in Hongcms Project Hongcms 3.0.0 | An issue was discovered in HongCMS 3.0.0. | network | low | hongcms-project | CWE-434 | 7.2 |
| 2018-06-29 | CVE-2018-12465 | OS Command Injection vulnerability in Microfocus Secure Messaging Gateway | An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. | network | low | microfocus | CWE-78 | 7.2 |
| 2018-06-29 | CVE-2018-8901 | Unspecified vulnerability in Ivanti Avalanche | An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. | local | low | ivanti | | 7.8 |
| 2018-06-29 | CVE-2018-13014 | Insufficiently Protected Credentials vulnerability in Safensoft Enterprise Suite, Syswatch and Tpsecure | Storing a password in a recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.2 allows a local attacker to restore the SysWatch password from the settings database and modify program settings. | local | low | safensoft | CWE-522 | 7.8 |
| 2018-06-29 | CVE-2018-13013 | Improper Check for Unusual or Exceptional Conditions vulnerability in Safensoft Enterprise Suite, Syswatch and Tpsecure | Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows a local attacker to bypass a code-signing protection mechanism and install/execute an unauthorized program by modifying the system configuration and installing a forged MSI file. | local | low | safensoft | CWE-754 | 7.8 |
| 2018-06-29 | CVE-2018-13012 | Download of Code Without Integrity Check vulnerability in Safensoft products | Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows a remote attacker to execute unauthorized code by substituting a forged update server. | network | high | safensoft | CWE-494 | 8.1 |
| 2018-06-29 | CVE-2018-13010 | Cross-Site Request Forgery (CSRF) vulnerability in Wstmall 1.9.1170316 | WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | network | low | wstmall | CWE-352 | 8.8 |
| 2018-06-29 | CVE-2018-12999 | Improper Input Validation vulnerability in Zohocorp Manageengine Desktop Central 10.0.255 | Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI. | network | low | zohocorp | CWE-20 | 7.5 |
| 2018-06-29 | CVE-2018-12997 | Information Exposure vulnerability in Zohocorp products | Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring. | network | low | zohocorp | CWE-200 | 7.5 |
| 2018-06-29 | CVE-2018-12995 | Code Injection vulnerability in Onefilecms | onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. | network | low | onefilecms | CWE-94 | 8.8 |