Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-16 | CVE-2017-7615 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Mantisbt MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | 8.8 |
| 2017-04-15 | CVE-2017-7881 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. | 8.8 |
| 2017-04-14 | CVE-2017-7879 | SQL Injection vulnerability in Flatcore Flatcore-Cms 1.4.6 SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | 7.5 |
| 2017-04-14 | CVE-2017-7877 | Cross-Site Request Forgery (CSRF) vulnerability in Flatcore Flatcore-Cms 1.4.6 CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | 8.8 |
| 2017-04-14 | CVE-2017-7717 | SQL Injection vulnerability in SAP Netweaver Application Server Java 7.40 SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. | 8.8 |
| 2017-04-14 | CVE-2017-7696 | Allocation of Resources Without Limits or Throttling vulnerability in SAP SSO Authentication Library 2.0/3.0 SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042. | 7.5 |
| 2017-04-14 | CVE-2017-7690 | OS Command Injection vulnerability in Proxifier Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. | 7.8 |
| 2017-04-14 | CVE-2017-6554 | Improper Input Validation vulnerability in Quest Privilege Manager 6.0.027/6.0.050 pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action. | 7.2 |
| 2017-04-14 | CVE-2016-8602 | Incorrect Type Conversion or Cast vulnerability in Artifex Ghostscript The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. | 7.8 |
| 2017-04-14 | CVE-2016-7051 | Server-Side Request Forgery (SSRF) vulnerability in Fasterxml Jackson-Dataformat-Xml XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD. | 8.6 |