Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-14 | CVE-2017-1002025 | SQL Injection vulnerability in Add-Edit-Delete-Listing-For-Member-Module Project Add-Edit-Delete-Listing-For-Member-Module 1.0 Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. | 7.2 |
| 2017-09-14 | CVE-2017-1002007 | Missing Authorization vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 7.5 |
| 2017-09-14 | CVE-2017-1002006 | Missing Authorization vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table. | 7.5 |
| 2017-09-14 | CVE-2017-1002005 | SQL Injection vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. | 7.5 |
| 2017-09-14 | CVE-2017-1002004 | SQL Injection vulnerability in Dtracker Project Dtracker 1.5 Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. | 7.5 |
| 2017-09-14 | CVE-2017-13779 | Incorrect Permission Assignment for Critical Resource vulnerability in Gstn India Goods and Services TAX Network Offline Utility Tool 1.1 GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. | 7.8 |
| 2017-09-14 | CVE-2017-12997 | Infinite Loop vulnerability in Tcpdump The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). | 7.5 |
| 2017-09-14 | CVE-2017-12995 | Infinite Loop vulnerability in Tcpdump The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). | 7.5 |
| 2017-09-14 | CVE-2017-12990 | Infinite Loop vulnerability in Tcpdump The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. | 7.5 |
| 2017-09-14 | CVE-2017-12989 | Infinite Loop vulnerability in Tcpdump The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | 7.5 |