Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-03 | CVE-2017-1569 | Unspecified vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. | 7.5 |
2017-10-03 | CVE-2017-14979 | Unspecified vulnerability in Gxlcms Gxlcms uses an unsafe character-replacement approach in an attempt to restrict access, which allows remote attackers to read arbitrary files via modified pathnames in the s parameter to index.php, related to Lib/Admin/Action/TplAction.class.php and Lib/Admin/Common/function.php. | 7.5 |
2017-10-03 | CVE-2017-14848 | SQL Injection vulnerability in Dasinfomedia Wphrm Human Resource Management System 1.0 WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. | 8.8 |
2017-10-03 | CVE-2017-14773 | Unspecified vulnerability in Skyboxsecurity Skybox Manager Client Application 8.5.500 Skybox Manager Client Application prior to 8.5.501 is prone to an elevation of privileges vulnerability during authentication of a valid user in a debugger-pause state. | 7.8 |
2017-10-03 | CVE-2017-14758 | SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. | 8.8 |
2017-10-03 | CVE-2017-14757 | SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. | 8.8 |
2017-10-03 | CVE-2017-14496 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | 7.5 |
2017-10-03 | CVE-2017-14495 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. | 7.5 |
2017-10-03 | CVE-2017-13704 | Improper Input Validation vulnerability in multiple products In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. | 7.5 |
2017-10-03 | CVE-2017-1311 | SQL Injection vulnerability in IBM Insights Foundation for Energy 2.0 IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. | 8.8 |