Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-23 | CVE-2013-7377 | Command Injection vulnerability in Codem-Transcode Project Codem-Transcode: The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe. | 8.1 |
2017-10-23 | CVE-2012-4568 | Cross-Site Request Forgery (CSRF) vulnerability in Letodms Project Letodms: Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
2017-10-23 | CVE-2011-4334 | Unrestricted Upload of File with Dangerous Type vulnerability in Labwiki Project Labwiki: edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter. | 8.8 |
2017-10-23 | CVE-2017-15808 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq: In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. | 8.8 |
2017-10-23 | CVE-2010-2232 | Improper Access Control vulnerability in Apache Derby: In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. | 7.5 |
2017-10-23 | CVE-2017-9946 | Improper Authentication vulnerability in Siemens products: A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. | 7.5 |
2017-10-23 | CVE-2017-15805 | Path Traversal vulnerability in Cisco products: Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files. | 7.5 |
2017-10-23 | CVE-2017-15567 | Unspecified vulnerability in Idemia MSO 1300 Firmware: The certificate import component in IDEMIA (formerly Morpho) MorphoSmart 1300 Series (aka MSO 1300 Series) devices allows local users to obtain a command shell, and consequently gain privileges, via unspecified vectors. | 7.8 |
2017-10-23 | CVE-2017-15378 | SQL Injection vulnerability in Softwarepublico E-Sic 1.0: SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | 8.8 |
2017-10-23 | CVE-2017-15377 | Unspecified vulnerability in Openinfosecfoundation Suricata: In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. | 7.5 |