Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-4927 | LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5 VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | 7.5 |
| 2017-11-17 | CVE-2017-10887 | Untrusted Search Path vulnerability in Bookwalker Book Walker 1.2.5/1.2.9 Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-11-17 | CVE-2017-16871 | Code Injection vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. | 8.1 |
| 2017-11-17 | CVE-2017-16870 | Server-Side Request Forgery (SSRF) vulnerability in Updraftplus The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. | 8.1 |
| 2017-11-17 | CVE-2017-16869 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in UPX Project UPX 3.94 p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. | 7.8 |
| 2017-11-17 | CVE-2017-1000229 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | 7.8 |
| 2017-11-17 | CVE-2017-1000129 | SQL Injection vulnerability in S9Y Serendipity 2.0.3 Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure | 7.5 |
| 2017-11-17 | CVE-2017-1000125 | Incorrect Permission Assignment for Critical Resource vulnerability in Codiad Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell. | 7.5 |
| 2017-11-17 | CVE-2017-1000247 | Improper Input Validation vulnerability in Codeigniter 3.1.3 British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws. | 7.5 |
| 2017-11-17 | CVE-2017-1000241 | Improper Privilege Management vulnerability in Open-Emr Openemr 5.0.1 The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. | 8.1 |