Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-12 | CVE-2018-6903 | Improper Input Validation vulnerability in HOT Scripts Clone Project HOT Scripts Clone 3.1: PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | 8.8 |
2018-04-12 | CVE-2018-6879 | Improper Input Validation vulnerability in Website Seller Script Project Website Seller Script 2.0.3: PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | 8.8 |
2018-04-12 | CVE-2018-5254 | Channel and Path Errors vulnerability in Arista EOS: Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message. | 7.5 |
2018-04-12 | CVE-2015-0153 | Key Management Errors vulnerability in Dlink Dir-815 Firmware: D-Link DIR-815 devices with firmware before 2.07.B01 allow remote attackers to obtain sensitive information by leveraging cleartext storage of the wireless key. | 7.5 |
2018-04-12 | CVE-2015-0151 | Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dir-815 Firmware: Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |
2018-04-12 | CVE-2014-8422 | Insufficient Entropy vulnerability in Unify Openscape Desk Phone IP SIP and Openstage SIP: The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | 8.1 |
2018-04-12 | CVE-2014-8421 | Permissions, Privileges, and Access Controls vulnerability in Unify Openscape Desk Phone IP SIP and Openstage SIP: Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1) ConfigureCoreFile.sh, (2) Traceroute.sh, (3) apps.sh, (4) conversion_java2native.sh, (5) coreCompression.sh, (6) deletePasswd.sh, (7) findHealthSvcFDs.sh, (8) fw_printenv.sh, (9) fw_setenv.sh, (10) hw_wd_kicker.sh, (11) new_rootfs.sh, (12) opera_killSnmpd.sh, (13) opera_startSnmpd.sh, (14) rebootOperaSoftware.sh, (15) removeLogFiles.sh, (16) runOperaServices.sh, (17) setPasswd.sh, (18) startAccTestSvcs.sh, (19) usbNotification.sh, or (20) appWeb in /Opera_Deploy. | 7.5 |
2018-04-12 | CVE-2014-6412 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Wordpress: WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | 8.1 |
2018-04-12 | CVE-2018-3889 | Out-of-bounds Write vulnerability in Pl32 Photoline 20.53: A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. | 7.8 |
2018-04-12 | CVE-2018-3868 | Out-of-bounds Write vulnerability in Computer-Insel Photoline 20.53: A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. | 7.8 |