Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-19 | CVE-2017-14311 | **Unspecified vulnerability in NetMechanica NetDecision 5.8.2.** The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows local users to gain privileges via a crafted 0x9C402088 IOCTL call. | 7.8 |
2017-09-19 | CVE-2017-14141 | **Deserialization of Untrusted Data vulnerability in Kaltura Server.** The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object. | 7.2 |
2017-09-19 | CVE-2015-4089 | **Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache.** Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page. | 8.8 |
2017-09-19 | CVE-2015-1854 | **Improper Access Control vulnerability in multiple products.** 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | 7.5 |
2017-09-19 | CVE-2015-0689 | **Data Processing Errors vulnerability in Cisco Cloud Web Security.** Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. | 7.5 |
2017-09-19 | CVE-2014-9619 | **Unrestricted Upload of File with Dangerous Type vulnerability in Netsweeper.** Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif. | 7.2 |
2017-09-19 | CVE-2014-9616 | **Information Exposure vulnerability in Netsweeper.** Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to obtain sensitive information by making a request that redirects to the deny page. | 7.5 |
2017-09-19 | CVE-2014-5362 | **Improper Input Validation vulnerability in Landesk Management Suite 8.7/8.8/9.6.** The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx. | 7.2 |
2017-09-19 | CVE-2017-10931 | **Path Traversal vulnerability in ZTE products.** The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download of the file directory range for WEB users, resulting in the ability to download any files and cause information leaks such as system configuration. | 7.5 |
2017-09-19 | CVE-2017-12616 | **Information Exposure vulnerability in Apache Tomcat.** When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | 7.5 |