Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-17905 | Cross-Site Request Forgery (CSRF) vulnerability in CAR Rental Script Project CAR Rental Script 2.0.8: PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | 8.8 |
| 2017-12-27 | CVE-2017-17903 | Cross-Site Request Forgery (CSRF) vulnerability in Fortunescripts Lynda Clone 1.0: FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | 8.8 |
| 2017-12-27 | CVE-2017-17898 | Information Exposure vulnerability in Dolibarr Erp/Crm 6.0.4: Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2017-12-27 | CVE-2017-17894 | Cross-Site Request Forgery (CSRF) vulnerability in Basic JOB Site Script Project Basic JOB Site Script: Readymade Job Site Script has CSRF via the /job URI. | 8.8 |
| 2017-12-27 | CVE-2017-17891 | Cross-Site Request Forgery (CSRF) vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2: Readymade Video Sharing Script has CSRF via user-profile-edit.php. | 8.8 |
| 2017-12-27 | CVE-2017-17888 | OS Command Injection vulnerability in Hoytech Antiweb: cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | 8.8 |
| 2017-12-27 | CVE-2017-17880 | Out-of-bounds Read vulnerability in Imagemagick 7.0.716: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. | 8.8 |
| 2017-12-27 | CVE-2017-17879 | Out-of-bounds Read vulnerability in multiple products: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. | 8.8 |
| 2017-12-27 | CVE-2017-17876 | Permission Issues vulnerability in Iwcnetwork Shift 3.0: Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter. | 7.5 |
| 2017-12-27 | CVE-2017-17874 | Unrestricted Upload of File with Dangerous Type vulnerability in Vanguard Project Marketplace Digital products PHP 1.4.0: Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under an uploads/ URI. | 8.8 |