Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-22 CVE-2017-15733 Cross-Site Request Forgery (CSRF) vulnerability in phpMyFAQ
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/ajax.attachment.php and admin/att.main.php.
network
low complexity
phpmyfaq CWE-352
8.8
2017-10-22 CVE-2017-15732 Cross-Site Request Forgery (CSRF) vulnerability in phpMyFAQ
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
network
low complexity
phpmyfaq CWE-352
8.8
2017-10-22 CVE-2017-15731 Cross-Site Request Forgery (CSRF) vulnerability in phpMyFAQ
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
network
low complexity
phpmyfaq CWE-352
8.8
2017-10-22 CVE-2017-15730 Cross-Site Request Forgery (CSRF) vulnerability in phpMyFAQ
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
network
low complexity
phpmyfaq CWE-352
8.8
2017-10-22 CVE-2017-15729 Cross-Site Request Forgery (CSRF) vulnerability in phpMyFAQ
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
network
low complexity
phpmyfaq CWE-352
8.8
2017-10-22 CVE-2015-5699 Permissions, Privileges, and Access Controls vulnerability in Cumulusnetworks Cumulus Linux 2.5.3
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.
local
low complexity
cumulusnetworks CWE-264
7.8
2017-10-22 CVE-2015-5177 Double Free vulnerability in multiple products
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
network
low complexity
openslp debian CWE-415
7.5
2017-10-20 CVE-2017-13127 Information Exposure vulnerability in VIP
The VIP.com application for iOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.
network
high complexity
vip CWE-200
8.1
2017-10-20 CVE-2013-6049 Improper Input Validation vulnerability in multiple products
apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.
local
low complexity
apt-listbugs-project debian CWE-20
7.8
2017-10-20 CVE-2017-6145 Insufficient Session Expiration vulnerability in F5 products
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens.
network
low complexity
f5 CWE-613
7.3