Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-07 CVE-2018-0661 Unspecified vulnerability in Iodata products
Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration.
low complexity
iodata
8.8
2018-09-07 CVE-2018-0658 Improper Input Validation vulnerability in multiple products
Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors.
network
low complexity
ec-cube gmo-pg CWE-20
7.2
2018-09-07 CVE-2018-0650 Improper Certificate Validation vulnerability in Linecorp Line Music 3.1.0
The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
linecorp CWE-295
7.4
2018-09-07 CVE-2018-0649 Untrusted Search Path vulnerability in Eset products
Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc.
local
low complexity
eset CWE-426
7.8
2018-09-07 CVE-2018-0648 Untrusted Search Path vulnerability in Chatwork 2.3.0
Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
chatwork CWE-426
7.8
2018-09-07 CVE-2018-0647 Cross-Site Request Forgery (CSRF) vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
asus CWE-352
8.8
2018-09-07 CVE-2018-0624 Untrusted Search Path vulnerability in Yayoi-Kk products
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.20.0.2 and earlier, and Yayoi Kokyaku Kanri 17 Ver.11.0.2 and earlier) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
yayoi-kk CWE-426
7.8
2018-09-07 CVE-2018-0623 Untrusted Search Path vulnerability in Yayoi-Kk products
Untrusted search path vulnerability in Multiple Yayoi 17 Series products (Yayoi Kaikei 17 Series Ver.23.1.1 and earlier, Yayoi Aoiro Shinkoku 17 Ver.23.1.1 and earlier, Yayoi Kyuuyo 17 Ver.20.1.4 and earlier, Yayoi Kyuuyo Keisan 17 Ver.20.1.4 and earlier, Yayoi Hanbai 17 Series Ver.
local
low complexity
yayoi-kk CWE-426
7.8
2018-09-07 CVE-2018-16651 Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyfaq
The admin backend in phpMyFAQ before 2.9.11 allows CSV injection in reports.
network
low complexity
phpmyfaq CWE-1236
7.2
2018-09-07 CVE-2018-16650 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
phpMyFAQ before 2.9.11 allows CSRF.
network
low complexity
phpmyfaq CWE-352
8.8