Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE / DESCRIPTION | RISK |
---|---|---|---|
2017-12-29 | CVE-2017-17920 | SQL Injection vulnerability in Rubyonrails Ruby on Rails: SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. | 8.1 |
2017-12-29 | CVE-2017-17919 | SQL Injection vulnerability in Rubyonrails Ruby on Rails: SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. | 8.1 |
2017-12-29 | CVE-2017-17917 | SQL Injection vulnerability in Rubyonrails Rails: SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. | 8.1 |
2017-12-29 | CVE-2017-17916 | SQL Injection vulnerability in Rubyonrails Rails: SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. | 8.1 |
2017-12-29 | CVE-2014-3651 | Resource Exhaustion vulnerability in Keycloak: JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation. | 7.5 |
2017-12-29 | CVE-2013-7400 | Information Exposure vulnerability in DKD Direct Mail: The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes. | 7.5 |
2017-12-28 | CVE-2017-17960 | Cross-Site Request Forgery (CSRF) vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce: PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | 8.8 |
2017-12-28 | CVE-2017-17952 | Improper Input Validation vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce: PHP Scripts Mall PHP Multivendor Ecommerce has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address. | 8.6 |
2017-12-28 | CVE-2017-17950 | SQL Injection vulnerability in Cells Blog 3.5: Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | 8.8 |
2017-12-28 | CVE-2017-15667 | Improper Input Validation vulnerability in Flexense Sysgauge 3.6.18: In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service. | 7.5 |