Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-14 CVE-2017-12125 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8

2018-05-14 CVE-2017-12123 Insufficiently Protected Credentials vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317.
low complexity
moxa CWE-522
8.8

2018-05-14 CVE-2017-12121 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8

2018-05-14 CVE-2017-12120 OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1
An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317.
network
low complexity
moxa CWE-78
8.8

2018-05-14 CVE-2018-10990 Insufficient Session Expiration vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes").
network
high complexity
commscope CWE-613
8.0

2018-05-14 CVE-2018-10252 Session Fixation vulnerability in Actiontec Wcb6200Q Firmware
An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices.
network
high complexity
actiontec CWE-384
8.1

2018-05-14 CVE-2017-6021 Improper Input Validation vulnerability in multiple products
In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate.
network
low complexity
schneider-electric aveva CWE-20
7.5

2018-05-14 CVE-2018-0588 Path Traversal vulnerability in Ultimatemember User Profile & Membership
Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
ultimatemember CWE-22
7.5

2018-05-14 CVE-2018-0580 Untrusted Search Path vulnerability in Celsys products
Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
celsys CWE-426
7.8

2018-05-14 CVE-2018-0568 Unrestricted Upload of File with Dangerous Type vulnerability in Sitebridge Joruri GW
Unrestricted file upload vulnerability in SiteBridge Inc.
network
low complexity
sitebridge CWE-434
8.8