Vulnerabilities > High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-06	CVE-2017-7571	Cross-Site Request Forgery (CSRF) vulnerability in Ladybirdweb Faveo Helpdesk 1.9.3 public/rolechangeadmin in Faveo 1.9.3 allows CSRF. network low complexity ladybirdweb CWE-352	8.0
2017-04-06	CVE-2017-7569	Server-Side Request Forgery (SSRF) vulnerability in Vbulletin In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037. network low complexity vbulletin CWE-918	8.6
2017-04-06	CVE-2017-6884	OS Command Injection vulnerability in Zyxel Emg2926 Firmware V1.00(Aaqt.4)B8 A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. network low complexity zyxel CWE-78	8.8
2017-04-06	CVE-2017-7566	Server-Side Request Forgery (SSRF) vulnerability in Mybb MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism. network low complexity mybb CWE-918	7.7
2017-04-06	CVE-2017-7565	Path Traversal vulnerability in Splunk Hadoop Connect Splunk Hadoop Connect App has a path traversal vulnerability that allows remote authenticated users to execute arbitrary code, aka ERP-2041. network low complexity splunk CWE-22	8.8
2017-04-06	CVE-2017-2675	Little Snitch version 3.0 through 3.7.3 suffer from a local privilege escalation vulnerability in the installer part. local low complexity objective-development obdev	7.8
2017-04-06	CVE-2017-7192	Improper Certificate Validation vulnerability in Starscream Project Starscream WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). network low complexity starscream-project CWE-295	7.5
2017-04-06	CVE-2017-6968	Unspecified vulnerability in GMV Checker ATM Security GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03. network low complexity gmv	8.8
2017-04-06	CVE-2017-6130	Server-Side Request Forgery (SSRF) vulnerability in F5 SSL Intercept Iapp and SSL Orchestrator F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT Auto Map option for egress traffic. network low complexity f5 CWE-918	7.4
2017-04-06	CVE-2017-5887	Improper Certificate Validation vulnerability in Starscream Project Starscream WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). network low complexity starscream-project CWE-295	7.5

Vulnerabilities > High {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"High"}]}

Vulnerabilities > High