Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-08 CVE-2018-12054 Path Traversal vulnerability in Schools Alert Management Script Project Schools Alert Management Script
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.
7.5
2018-06-08 CVE-2018-12053 Path Traversal vulnerability in Schools Alert Management Script Project Schools Alert Management Script
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.
7.5
2018-06-08 CVE-2018-12046 Improper Input Validation vulnerability in Dedecms 5.5/5.6/5.7
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.
network
low complexity
dedecms CWE-20
7.5
2018-06-08 CVE-2018-12041 Improper Input Validation vulnerability in Mediatek Awus036Nh Firmware 5.1.25.0
An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0.
network
low complexity
mediatek CWE-20
7.5
2018-06-07 CVE-2018-3758 Unrestricted Upload of File with Dangerous Type vulnerability in Express-Cart Project Express-Cart
Unrestricted file upload (RCE) in the express-cart module before 1.1.7 allows a privileged user to gain access to the hosting machine.
network
low complexity
express-cart-project CWE-434
8.8
2018-06-07 CVE-2018-0338 Incorrect Authorization vulnerability in Cisco Unified Computing System
A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system.
local
low complexity
cisco CWE-863
7.8
2018-06-07 CVE-2018-0336 Missing Authorization vulnerability in Cisco Prime Collaboration 12.1
A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level.
network
low complexity
cisco CWE-862
8.8
2018-06-07 CVE-2018-0335 Insufficiently Protected Credentials vulnerability in Cisco Prime Collaboration 12.2
A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data.
local
low complexity
cisco CWE-522
7.8
2018-06-07 CVE-2018-0332 Unspecified vulnerability in Cisco IP Phone Firmware and Unified IP Phone Firmware
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco
7.5
2018-06-07 CVE-2011-0467 SQL Injection vulnerability in Suse Studio Onsite and Studio Onsite Appliance
A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection.
network
low complexity
suse CWE-89
8.8