Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-30 CVE-2017-11749 Untrusted Search Path vulnerability in Internet-Soft FTP Commander 8.02
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file.
local
low complexity
internet-soft CWE-426
7.8
2017-07-30 CVE-2017-11748 Untrusted Search Path vulnerability in Softonic Spider Player 2.5.3
VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file.
local
low complexity
softonic CWE-426
7.8
2017-07-30 CVE-2017-11746 Files or Directories Accessible to External Parties vulnerability in Inversepath Tenshi 0.15
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command.
network
low complexity
inversepath CWE-552
7.5
2017-07-30 CVE-2017-11742 Untrusted Search Path vulnerability in Libexpat Project Libexpat 2.2.1/2.2.2
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
local
low complexity
libexpat-project CWE-426
7.8
2017-07-29 CVE-2017-11736 SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.2.18
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
network
low complexity
bigtreecms CWE-89
8.8
2017-07-29 CVE-2017-11723 Path Traversal vulnerability in Xinha 0.96
Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.
network
low complexity
xinha CWE-22
7.5
2017-07-28 CVE-2017-6257 NULL Pointer Dereference vulnerability in Nvidia GPU Driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges
local
low complexity
nvidia CWE-476
8.8
2017-07-28 CVE-2017-6256 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-20
7.8
2017-07-28 CVE-2017-6255 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-20
7.8
2017-07-28 CVE-2017-6254 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-20
7.8