Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-04-13 | CVE-2018-10066 | Improper Certificate Validation vulnerability in Mikrotik Routeros 6.41.4 | An issue was discovered in MikroTik RouterOS 6.41.4. | 8.1 |
2018-04-13 | CVE-2017-6155 | Unspecified vulnerability in F5 products | On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or 11.2.1, malformed SPDY or HTTP/2 requests may result in a disruption of service to TMM. | 7.5 |
2018-04-13 | CVE-2017-6148 | Improper Input Validation vulnerability in F5 products | Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0.0, 12.0.0-12.1.3.1, 11.6.1-11.6.2, or 11.5.1-11.5.5 may cause a disruption of services provided by TMM. | 7.5 |
2018-04-13 | CVE-2018-10086 | Code Injection vulnerability in Cmsmadesimple CMS Made Simple | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions. | 7.2 |
2018-04-13 | CVE-2018-10084 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cmsmadesimple CMS Made Simple | CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the eff_uid value within $_COOKIE[$this->_loginkey] to equal 1, because an SHA-1 cryptographic protection mechanism can be bypassed. | 8.8 |
2018-04-13 | CVE-2018-10083 | Path Traversal vulnerability in Cmsmadesimple CMS Made Simple | CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter. | 7.5 |
2018-04-13 | CVE-2018-10080 | Insufficient Verification of Data Authenticity vulnerability in Secutech Project Ris-11 Firmware, Ris-22 Firmware and Ris-33 Firmware | Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie. | 8.6 |
2018-04-12 | CVE-2018-6934 | Cross-Site Request Forgery (CSRF) vulnerability in Ordermanagementscript Online Tutoring Script 2.0.3 | CSRF exists in student/personal-info in PHP Scripts Mall Online Tutoring Script 2.0.3. | 8.8 |
2018-04-12 | CVE-2018-6903 | Improper Input Validation vulnerability in HOT Scripts Clone Project HOT Scripts Clone 3.1 | PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | 8.8 |
2018-04-12 | CVE-2018-6879 | Improper Input Validation vulnerability in Website Seller Script Project Website Seller Script 2.0.3 | PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to enforce validation of an e-mail address, which allows remote attackers to modify a registered e-mail address by removing the validation code. | 8.8 |