Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-12-29 CVE-2014-3651 Resource Exhaustion vulnerability in Keycloak
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
network
low complexity
keycloak CWE-400
7.5
2017-12-29 CVE-2013-7400 Information Exposure vulnerability in DKD Direct Mail
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
network
low complexity
dkd CWE-200
7.5
2017-12-28 CVE-2017-17960 Cross-Site Request Forgery (CSRF) vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
8.8
2017-12-28 CVE-2017-17952 Improper Input Validation vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce
PHP Scripts Mall PHP Multivendor Ecommerce has a predictable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.
network
low complexity
php-multivendor-ecommerce-project CWE-20
8.6
2017-12-28 CVE-2017-17950 SQL Injection vulnerability in Cells Blog 3.5
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
network
low complexity
cells CWE-89
8.8
2017-12-28 CVE-2017-15667 Improper Input Validation vulnerability in Flexense Sysgauge 3.6.18
In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a denial of service.
network
low complexity
flexense CWE-20
7.5
2017-12-28 CVE-2017-17942 Out-of-bounds Read vulnerability in Libtiff 4.0.9
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
network
low complexity
libtiff CWE-125
8.8
2017-12-28 CVE-2017-17941 SQL Injection vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
7.2
2017-12-28 CVE-2017-17939 Cross-Site Request Forgery (CSRF) vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.
8.8
2017-12-28 CVE-2017-17936 Cross-Site Request Forgery (CSRF) vulnerability in Vanguard Project Marketplace Digital products PHP
Vanguard Marketplace Digital Products PHP has CSRF via /search.
network
low complexity
vanguard-project CWE-352
8.8