Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-03 CVE-2017-8018 Improper Input Validation vulnerability in EMC Appsync 2.0/3.0.0/3.5
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) include a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-20
7.5
2017-10-03 CVE-2017-6090 Unrestricted Upload of File with Dangerous Type vulnerability in PHPcollab 2.5/2.5.1
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
network
low complexity
phpcollab CWE-434
8.8
2017-10-03 CVE-2017-1569 Unspecified vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service.
network
low complexity
ibm
7.5
2017-10-03 CVE-2017-14979 Unspecified vulnerability in Gxlcms
Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php.
network
low complexity
gxlcms
7.5
2017-10-03 CVE-2017-14848 SQL Injection vulnerability in Dasinfomedia Wphrm Human Resource Management System 1.0
WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter.
network
low complexity
dasinfomedia CWE-89
8.8
2017-10-03 CVE-2017-14773 Unspecified vulnerability in Skyboxsecurity Skybox Manager Client Application 8.5.500
Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state.
local
low complexity
skyboxsecurity
7.8
2017-10-03 CVE-2017-14758 SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId.
network
low complexity
opentext CWE-89
8.8
2017-10-03 CVE-2017-14757 SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId.
network
low complexity
opentext CWE-89
8.8
2017-10-03 CVE-2017-14496 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.
7.5
2017-10-03 CVE-2017-14495 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
network
low complexity
redhat debian canonical thekelleys CWE-772
7.5