Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-28 | CVE-2017-14844 | SQL Injection vulnerability in Dasinfomedia Wpgym GYM Management System. Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | 8.8 |
2017-09-28 | CVE-2017-14843 | SQL Injection vulnerability in Dasinfomedia School Management System. Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | 8.8 |
2017-09-28 | CVE-2017-14842 | SQL Injection vulnerability in Dasinfomedia Smsmaster Multipurpose SMS Gateway. Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | 8.8 |
2017-09-28 | CVE-2017-14840 | Unrestricted Upload of File with Dangerous Type vulnerability in Teamworktec Ticketplus. TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. | 8.8 |
2017-09-28 | CVE-2017-14839 | Unrestricted Upload of File with Dangerous Type vulnerability in Teamworktec Photo Fusion. TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover. | 8.8 |
2017-09-28 | CVE-2017-14838 | Unrestricted Upload of File with Dangerous Type vulnerability in Teamworktec JOB Links. TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange. | 8.8 |
2017-09-28 | CVE-2017-1483 | Missing Authentication for Critical Function vulnerability in IBM products. IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 8.6 |
2017-09-28 | CVE-2017-14796 | Integer Underflow (Wrap or Wraparound) vulnerability in Libbpg Project Libbpg 0.9.7. The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg. | 8.8 |
2017-09-28 | CVE-2017-14795 | Out-of-bounds Read vulnerability in Libbpg Project Libbpg 0.9.7. The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hls_pcm_sample in hevc.c in libavcodec in FFmpeg and put_pcm_var in hevcdsp_template.c in libavcodec in FFmpeg. | 8.8 |
2017-09-28 | CVE-2017-14527 | XXE vulnerability in Opentext Documentum Administrator and Documentum Webtop. Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in. | 8.8 |