Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-04-08 | CVE-2018-9851 | Path Traversal vulnerability in Gxlcms QY 1.0.0713 | In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '\|' instead of '/' as a directory separator, in conjunction with a ".." sequence. | 7.5 |
2018-04-08 | CVE-2018-9850 | Path Traversal vulnerability in Gxlcms QY 1.0.0713 | In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. | 7.5 |
2018-04-07 | CVE-2018-9846 | Improper Input Validation vulnerability in multiple products | In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. | 8.8 |
2018-04-07 | CVE-2018-9327 | Improper Input Validation vulnerability in Etherpad | Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. | 8.1 |
2018-04-07 | CVE-2018-9325 | Information Exposure vulnerability in Etherpad | Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. | 7.5 |
2018-04-07 | CVE-2018-9841 | Out-of-bounds Read vulnerability in Ffmpeg | The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. | 8.8 |
2018-04-07 | CVE-2018-9331 | Path Traversal vulnerability in Zzcms 8.2 | An issue was discovered in zzcms 8.2. | 7.5 |
2018-04-06 | CVE-2014-1226 | Permissions, Privileges, and Access Controls vulnerability in S3Dvt Project S3Dvt 0.2.2 | The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. | 7.8 |
2018-04-06 | CVE-2013-6876 | Permissions, Privileges, and Access Controls vulnerability in S3Dvt Project S3Dvt 0.2.2 | The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. | 7.8 |
2018-04-06 | CVE-2014-5072 | Cross-Site Request Forgery (CSRF) vulnerability in Wpsecurityauditlog WP Security Audit LOG | Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |