Vulnerabilities > High

DATE        CVE               VULNERABILITY TITLE                                                                         RISK
2018-01-30  CVE-2018-6397     Path Traversal vulnerability in Joomlacalendars Picture Calendar 3.1.4                      7.5
    Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.
    Attack vector: network | Attack complexity: low | Vendor: joomlacalendars | CWE-22
2018-01-29  CVE-2018-6393     SQL Injection vulnerability in Sangoma Freepbx 10.13.66/14.0.1.24                           7.2
    FreePBX 10.13.66-32bit and 14.0.1.24 (SNG7-PBX-64bit-1712-2) allow post-authentication SQL injection via the order parameter.
    Attack vector: network | Attack complexity: low | Vendor: sangoma | CWE-89
2018-01-29  CVE-2018-3835     Out-of-bounds Write vulnerability in Disneyanimation Ptex 2.2                               8.8
    An exploitable out-of-bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX.
    Attack vector: network | Attack complexity: low | Vendor: disneyanimation | CWE-787
2018-01-29  CVE-2018-6391     Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Wf2419 Firmware 2.2.36123  8.8
    A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices.
    Attack vector: network | Attack complexity: low | Vendor: netis-systems | CWE-352
2018-01-29  CVE-2017-15133    Resource Exhaustion vulnerability in Miekg-Dns Project Miekg-Dns                            7.5
    A denial of service flaw was found in miekg-dns before 1.0.4.
    Attack vector: network | Attack complexity: low | Vendor: miekg-dns-prject | CWE-400
2018-01-29  CVE-2018-6388     OS Command Injection vulnerability in Iball Ib-Wra150N Firmware 1.2.6                       8.8
    iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page.
    Attack vector: network | Attack complexity: low | Vendor: iball | CWE-78
2018-01-29  CVE-2018-6383     Incomplete Blacklist vulnerability in Monstra                                               8.8
    Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048.
    Attack vector: network | Attack complexity: low | Vendor: monstra | CWE-184
2018-01-29  CVE-2017-12626    Infinite Loop vulnerability in Apache POI                                                   7.5
    Apache POI in versions prior to release 3.17 is vulnerable to denial of service attacks: 1) infinite loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) out-of-memory exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
    Attack vector: network | Attack complexity: low | Vendor: apache | CWE-835
2018-01-29  CVE-2017-1000356  Cross-Site Request Forgery (CSRF) vulnerability in Jenkins                                  8.8
    Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to a CSRF issue in the Jenkins user database authentication realm: an attacker can create an account if signup is enabled, or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts.
    Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-352
2018-01-29  CVE-2017-1000354  Improper Authentication vulnerability in Jenkins                                            8.8
    Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to a login command that allows impersonating any Jenkins user.
    Attack vector: network | Attack complexity: low | Vendor: jenkins | CWE-287