Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-13 | CVE-2017-17615 | SQL Injection vulnerability in Facebook Clone Script Project Facebook Clone Script 1.0 Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter. | 8.8 |
| 2017-12-13 | CVE-2017-17593 | Unrestricted Upload of File with Dangerous Type vulnerability in Simple Chatting System Project Simple Chatting System 1.0 Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/. | 7.5 |
| 2017-12-13 | CVE-2017-17568 | Incorrect Permission Assignment for Critical Resource vulnerability in Scubez Posty Readymade Classifieds Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive information via a direct request. | 7.5 |
| 2017-12-13 | CVE-2017-17567 | SQL Injection vulnerability in Scubez Posty Readymade Classifieds Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. | 7.5 |
| 2017-12-13 | CVE-2017-17538 | Unspecified vulnerability in Mikrotik Router Firmware 6.40.5 MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets. | 7.5 |
| 2017-12-13 | CVE-2017-5534 | Unspecified vulnerability in Tibco Tibbr The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. | 8.8 |
| 2017-12-13 | CVE-2017-5530 | Unspecified vulnerability in Tibco Tibbr The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. | 8.1 |
| 2017-12-13 | CVE-2017-14362 | Cross-Site Request Forgery (CSRF) vulnerability in Microfocus Project and Portfolio Management 9.32 Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 7.3 |
| 2017-12-13 | CVE-2017-14361 | Unspecified vulnerability in Microfocus Project and Portfolio Management 9.32 Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. | 7.4 |
| 2017-12-12 | CVE-2017-17566 | Unspecified vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page. | 7.8 |