Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-2253 Untrusted Search Path vulnerability in Yahoo Toolbar 8.0.0.6
Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
yahoo CWE-426
7.8
2017-07-17 CVE-2017-2252 Untrusted Search Path vulnerability in Sourcenext File Compact 5.09/6.01/7.01
Untrusted search path vulnerability in self-extracting archive files created by File Compact Ver.5 version 5.10 and earlier, Ver.6 version 6.02 and earlier, Ver.7 version 7.02 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
sourcenext CWE-426
7.8
2017-07-17 CVE-2017-2249 Untrusted Search Path vulnerability in Chitora Lhaz+ 3.4.0
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
chitora CWE-426
7.8
2017-07-17 CVE-2017-2248 Untrusted Search Path vulnerability in Chitora Lhaz+ 3.4.0
Untrusted search path vulnerability in Installer of Lhaz+ version 3.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
chitora CWE-426
7.8
2017-07-17 CVE-2017-2247 Untrusted Search Path vulnerability in Chitora Lhaz 2.4.0
Untrusted search path vulnerability in Self-extracting archive files created by Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
chitora CWE-426
7.8
2017-07-17 CVE-2017-2246 Untrusted Search Path vulnerability in Chitora Lhaz 2.4.0
Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
chitora CWE-426
7.8
2017-07-17 CVE-2017-1183 SQL Injection vulnerability in IBM Tivoli Monitoring 6.2.2.9/6.2.3.5/6.3.0.7
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used.
high complexity
ibm CWE-89
7.5
2017-07-17 CVE-2017-1182 Unspecified vulnerability in IBM Tivoli Monitoring 6.2.2.9/6.2.3.5/6.3.0.7
IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used.
high complexity
ibm
7.5
2017-07-17 CVE-2017-1181 Cleartext Transmission of Sensitive Information vulnerability in IBM Tivoli Monitoring 6.2.2.9/6.2.3.5/6.3.0.7
IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted.
local
high complexity
ibm CWE-319
7.0
2017-07-17 CVE-2017-11347 Unspecified vulnerability in Metinfo 5.3.17
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
network
low complexity
metinfo
8.8