Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-26 | CVE-2018-1000511 | Incorrect Permission Assignment for Critical Resource vulnerability in Wpulike Ulike 2.8.1/3.1: WP ULike version 2.8.1, 3.1 contains an Incorrect Access Control vulnerability in AJAX that allows anybody to delete any row in certain tables. | 7.5 |
2018-06-26 | CVE-2018-1000509 | Deserialization of Untrusted Data vulnerability in Redirection 2.7.1: Redirection version 2.7.1 contains a Serialisation vulnerability, possibly allowing ACE, in the Settings page AJAX that could allow an admin to execute arbitrary code in some circumstances. | 7.2 |
2018-06-26 | CVE-2018-1000506 | Cross-Site Request Forgery (CSRF) vulnerability in Mediaron Metronet TAG Manager 1.2.7: Metronet Tag Manager version 1.2.7 contains a Cross Site Request Forgery (CSRF) vulnerability in the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that allows anybody to do almost anything an admin can. | 8.8 |
2018-06-26 | CVE-2018-1000504 | Open Redirect vulnerability in Redirection 2.7.3: Redirection version 2.7.3 contains an ACE via file inclusion vulnerability in Pass-through mode that allows admins to execute any PHP file in the filesystem. | 7.2 |
2018-06-26 | CVE-2018-1000502 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Mybb: MyBB Group MyBB contains a File Inclusion vulnerability in the Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that allows Local File Inclusion on modern PHP versions and Remote File Inclusion on ancient PHP versions. | 7.2 |
2018-06-26 | CVE-2018-1000500 | Improper Certificate Validation vulnerability in Busybox: Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. | 8.1 |
2018-06-26 | CVE-2017-7656 | In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. | 7.5 |
2018-06-26 | CVE-2018-10852 | Information Exposure vulnerability in multiple products: The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. | 7.5 |
2018-06-26 | CVE-2018-0611 | Improper Certificate Validation vulnerability in ANA: The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |
2018-06-26 | CVE-2018-0610 | Improper Privilege Management vulnerability in Zenphoto: Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. | 7.2 |