Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-07 | CVE-2017-12651 | Cross-Site Request Forgery (CSRF) vulnerability in Loginizer: Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked. | 8.8 |
2017-08-07 | CVE-2015-7887 | Improper Access Control vulnerability in NetApp SnapCenter Server 1.0: NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | 8.1 |
2017-08-07 | CVE-2015-7875 | Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools: ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. | 7.5 |
2017-08-07 | CVE-2015-1378 | Permissions, Privileges, and Access Controls vulnerability in Grml Grml-Debootstrap: cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. | 7.5 |
2017-08-07 | CVE-2014-9262 | Permissions, Privileges, and Access Controls vulnerability in Snapcreek Duplicator: The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files. | 8.2 |
2017-08-07 | CVE-2014-9260 | Permissions, Privileges, and Access Controls vulnerability in Downloadmanager Download Manager: The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | 8.8 |
2017-08-07 | CVE-2011-5325 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. | 7.5 |
2017-08-07 | CVE-2017-9801 | Improper Input Validation vulnerability in Apache Commons Email: When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers. | 7.5 |
2017-08-07 | CVE-2017-12644 | Missing Release of Resource after Effective Lifetime vulnerability in ImageMagick 7.0.61: ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. | 8.8 |
2017-08-07 | CVE-2017-12642 | Missing Release of Resource after Effective Lifetime vulnerability in ImageMagick 7.0.61: ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in coders\mpc.c. | 8.8 |