Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000031 | SQL Injection vulnerability in Cacti 0.8.8B SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | 8.8 |
| 2017-07-17 | CVE-2017-1000029 | Information Exposure vulnerability in Oracle Glassfish Server 3.0.1 Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. | 7.5 |
| 2017-07-17 | CVE-2017-1000028 | Path Traversal vulnerability in Oracle Glassfish Server 4.1 Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. | 7.5 |
| 2017-07-17 | CVE-2017-1000026 | Path Traversal vulnerability in Progress Mixlib-Archive 0.1.0/0.2.0/0.3.0 Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | 7.5 |
| 2017-07-17 | CVE-2017-1000025 | Information Exposure vulnerability in Gnome Epiphany GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | 7.5 |
| 2017-07-17 | CVE-2017-1000024 | Cleartext Transmission of Sensitive Information vulnerability in Gnome Shotwell Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | 7.5 |
| 2017-07-17 | CVE-2017-1000022 | Incorrect Permission Assignment for Critical Resource vulnerability in Logicaldoc LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | 8.8 |
| 2017-07-17 | CVE-2017-1000021 | XXE vulnerability in Logicaldoc LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | 8.8 |
| 2017-07-17 | CVE-2017-1000018 | Improper Input Validation vulnerability in PHPmyadmin phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | 7.5 |
| 2017-07-17 | CVE-2017-1000017 | Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | 8.8 |