Vulnerabilities > High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-12-30	CVE-2017-17997	NULL Pointer Dereference vulnerability in multiple products In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. network low complexity wireshark debian CWE-476	7.5
2017-12-30	CVE-2017-17990	Cross-Site Request Forgery (CSRF) vulnerability in Iwcnetwork Biometric Shift Employee Management System 4.0 Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. network low complexity iwcnetwork CWE-352	8.8
2017-12-30	CVE-2017-17987	Unrestricted Upload of File with Dangerous Type vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3 PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php. network low complexity muslim-matrimonial-script-project CWE-434	7.2
2017-12-30	CVE-2017-17983	SQL Injection vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3 PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. network low complexity muslim-matrimonial-script-project CWE-89	8.8
2017-12-29	CVE-2017-17901	Resource Exhaustion vulnerability in Zyxel P-660Hw Firmware ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. network low complexity zyxel CWE-400	7.5
2017-12-29	CVE-2015-8008	Improper Access Control vulnerability in multiple products The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. network low complexity mediawiki fedoraproject CWE-284	7.5
2017-12-29	CVE-2015-3302	Improper Access Control vulnerability in Thecartpress Ecommerce Shopping Cart The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." network low complexity thecartpress CWE-284	7.5
2017-12-29	CVE-2014-8119	Improper Input Validation vulnerability in multiple products The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions. network low complexity redhat fedoraproject netcf-project CWE-20	7.5
2017-12-29	CVE-2014-0120	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." network low complexity hawt redhat CWE-352	8.8
2017-12-29	CVE-2017-17973	Use After Free vulnerability in Libtiff 4.0.8 In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. network low complexity libtiff CWE-416	8.8

Vulnerabilities > High {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"High"}]}

Vulnerabilities > High