Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-21 CVE-2015-3932 XML Injection (aka Blind XPath Injection) vulnerability in Netlock Mokka 2.7
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.
local
low complexity
netlock CWE-91
7.8
2017-07-21 CVE-2015-3931 XML Injection (aka Blind XPath Injection) vulnerability in Microsec E-Szigno 3.2
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.
local
low complexity
microsec CWE-91
7.8
2017-07-21 CVE-2015-3640 Code Injection vulnerability in PHPmybackuppro
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts.
network
high complexity
phpmybackuppro CWE-94
7.5
2017-07-21 CVE-2015-3639 Improper Input Validation vulnerability in PHPmybackuppro
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.
network
low complexity
phpmybackuppro CWE-20
8.8
2017-07-21 CVE-2015-3638 Code Injection vulnerability in PHPmybackuppro
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.
network
low complexity
phpmybackuppro CWE-94
8.8
2017-07-21 CVE-2015-3198 Information Exposure vulnerability in Redhat Jboss Wildfly Application Server 9.0.0
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.
network
low complexity
redhat CWE-200
7.5
2017-07-21 CVE-2017-9930 Cross-Site Request Forgery (CSRF) vulnerability in Greenpacket Dx-350 Firmware 2.8.9.5G1.4.8Atheeb
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
network
low complexity
greenpacket CWE-352
8.8
2017-07-21 CVE-2017-10993 Path Traversal vulnerability in Contao CMS
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
network
low complexity
contao CWE-22
8.8
2017-07-20 CVE-2017-11468 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
network
low complexity
docker redhat CWE-770
7.5
2017-07-20 CVE-2017-11500 Path Traversal vulnerability in Metinfo 5.3.17
A directory traversal vulnerability exists in MetInfo 5.3.17.
network
low complexity
metinfo CWE-22
7.5