Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2016-8586 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2016-8585 Permissions, Privileges, and Access Controls vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.
network
low complexity
trendmicro CWE-264
8.8
2017-04-28 CVE-2017-1194 Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8
2017-04-28 CVE-2017-2156 Untrusted Search Path vulnerability in Vivaldi Installer for Windows
Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
local
low complexity
vivaldi CWE-426
7.8
2017-04-28 CVE-2017-2155 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in I.Con Corporation Hoozin Viewer 2/3
Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.
network
low complexity
i-con-corporation CWE-119
8.8
2017-04-28 CVE-2017-2154 Improper Input Validation vulnerability in Justsystems products
Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
justsystems CWE-20
7.8
2017-04-28 CVE-2017-2153 Improper Input Validation vulnerability in Seil products
SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets.
network
low complexity
seil CWE-20
7.5
2017-04-28 CVE-2017-2149 Untrusted Search Path vulnerability in Toshiba Flashair
Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series<W-03>) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series<W-02>) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
network
low complexity
toshiba CWE-426
8.8
2017-04-28 CVE-2017-2141 OS Command Injection vulnerability in Iodata Wn-G300R3 Firmware 1.01/1.03
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.
network
low complexity
iodata CWE-78
7.2
2017-04-28 CVE-2017-2140 Injection vulnerability in Gaku Tablacus Explorer 17.3.30
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.
network
low complexity
gaku CWE-74
8.8