Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-14 | CVE-2017-12125 | OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2017-12123 | Insufficiently Protected Credentials vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2017-12121 | OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2017-12120 | OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2018-10990 | Insufficient Session Expiration vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6 On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). | 8.0 |
| 2018-05-14 | CVE-2018-10252 | Session Fixation vulnerability in Actiontec Wcb6200Q Firmware An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. | 8.1 |
| 2018-05-14 | CVE-2017-6021 | Improper Input Validation vulnerability in multiple products In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. | 7.5 |
| 2018-05-14 | CVE-2018-0588 | Path Traversal vulnerability in Ultimatemember User Profile & Membership Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |
| 2018-05-14 | CVE-2018-0580 | Untrusted Search Path vulnerability in Celsys products Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2018-05-14 | CVE-2018-0568 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitebridge Joruri GW Unrestricted file upload vulnerability in SiteBridge Inc. | 8.8 |