Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-07-31 | CVE-2017-9481 | Unspecified vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/16 IP network by adding a routing-table entry that specifies the LAN IP address as the router for that network. | 7.5 |
2017-07-31 | CVE-2017-9478 | Information Exposure vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421733160420Acmcst/Dpc3939P2018V303R20421746170221Acmcst | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname. | 7.5 |
2017-07-30 | CVE-2017-11756 | Unrestricted Upload of File with Dangerous Type vulnerability in Earcms EAR Music 4.1 | In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | 7.0 |
2017-07-30 | CVE-2017-11692 | Reachable Assertion vulnerability in Yaml-Cpp Project Yaml-Cpp | The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. | 7.5 |
2017-07-30 | CVE-2017-11749 | Untrusted Search Path vulnerability in Internet-Soft FTP Commander 8.02 | InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | 7.8 |
2017-07-30 | CVE-2017-11748 | Untrusted Search Path vulnerability in Softonic Spider Player 2.5.3 | VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file. | 7.8 |
2017-07-30 | CVE-2017-11746 | Files or Directories Accessible to External Parties vulnerability in Inversepath Tenshi 0.15 | Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. | 7.5 |
2017-07-30 | CVE-2017-11742 | Untrusted Search Path vulnerability in Libexpat Project Libexpat 2.2.1/2.2.2 | The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. | 7.8 |
2017-07-29 | CVE-2017-11736 | SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.2.18 | SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | 8.8 |
2017-07-29 | CVE-2017-11723 | Path Traversal vulnerability in Xinha 0.96 | Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | 7.5 |