Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-21 | CVE-2015-3932 | XML Injection (aka Blind XPath Injection) vulnerability in Netlock Mokka 2.7: Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 7.8 |
2017-07-21 | CVE-2015-3931 | XML Injection (aka Blind XPath Injection) vulnerability in Microsec E-Szigno 3.2: Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object. | 7.8 |
2017-07-21 | CVE-2015-3640 | Code Injection vulnerability in PHPmybackuppro: phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | 7.5 |
2017-07-21 | CVE-2015-3639 | Improper Input Validation vulnerability in PHPmybackuppro: phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file. | 8.8 |
2017-07-21 | CVE-2015-3638 | Code Injection vulnerability in PHPmybackuppro: phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | 8.8 |
2017-07-21 | CVE-2015-3198 | Information Exposure vulnerability in Redhat Jboss Wildfly Application Server 9.0.0: The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL. | 7.5 |
2017-07-21 | CVE-2017-9930 | Cross-Site Request Forgery (CSRF) vulnerability in Greenpacket Dx-350 Firmware 2.8.9.5G1.4.8Atheeb: Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP. | 8.8 |
2017-07-21 | CVE-2017-10993 | Path Traversal vulnerability in Contao CMS: Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal. | 8.8 |
2017-07-20 | CVE-2017-11468 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products: Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint. | 7.5 |
2017-07-20 | CVE-2017-11500 | Path Traversal vulnerability in Metinfo 5.3.17: A directory traversal vulnerability exists in MetInfo 5.3.17. | 7.5 |