Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-30 CVE-2017-17997 NULL Pointer Dereference vulnerability in multiple products
In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes.
network
low complexity
wireshark debian CWE-476
7.5
2017-12-30 CVE-2017-17990 Cross-Site Request Forgery (CSRF) vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
network
low complexity
iwcnetwork CWE-352
8.8
2017-12-30 CVE-2017-17987 Unrestricted Upload of File with Dangerous Type vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
7.2
2017-12-30 CVE-2017-17983 SQL Injection vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
network
low complexity
muslim-matrimonial-script-project CWE-89
8.8
2017-12-29 CVE-2017-17901 Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware
ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.
network
low complexity
zyxel CWE-400
7.5
2017-12-29 CVE-2015-8008 Improper Access Control vulnerability in multiple products
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
network
low complexity
mediawiki fedoraproject CWE-284
7.5
2017-12-29 CVE-2015-3302 Improper Access Control vulnerability in Thecartpress Ecommerce Shopping Cart
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
network
low complexity
thecartpress CWE-284
7.5
2017-12-29 CVE-2014-8119 Improper Input Validation vulnerability in multiple products
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
network
low complexity
redhat fedoraproject netcf-project CWE-20
7.5
2017-12-29 CVE-2014-0120 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
network
low complexity
hawt redhat CWE-352
8.8
2017-12-29 CVE-2017-17973 Use After Free vulnerability in Libtiff 4.0.8
In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c.
network
low complexity
libtiff CWE-416
8.8