Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-26 | CVE-2018-5470 | Untrusted Search Path vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. | 7.8 |
| 2018-03-26 | CVE-2018-5466 | Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | 7.5 |
| 2018-03-26 | CVE-2018-5464 | Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | 7.5 |
| 2018-03-26 | CVE-2018-5462 | Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | 7.5 |
| 2018-03-26 | CVE-2018-5458 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information. | 7.5 |
| 2018-03-26 | CVE-2018-5454 | Unspecified vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime. | 8.1 |
| 2018-03-25 | CVE-2018-8979 | Cross-site Scripting vulnerability in Open-Audit 2.1 Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI. | 8.8 |
| 2018-03-25 | CVE-2018-8817 | Cross-Site Request Forgery (CSRF) vulnerability in Wampserver Wampserver before 3.1.3 has CSRF in add_vhost.php. | 8.8 |
| 2018-03-25 | CVE-2018-9014 | Information Exposure vulnerability in Dsmall Project Dsmall 20180320 dsmall v20180320 allows physical path leakage via a public/index.php/home/predeposit/index.html?pdr_sn= request. | 7.5 |
| 2018-03-25 | CVE-2018-9010 | Path Traversal vulnerability in Intelbras Tip200 Firmware and Tip200Lite Firmware Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. | 7.2 |