Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-30 | CVE-2017-11749 | Untrusted Search Path vulnerability in Internet-Soft FTP Commander 8.02 InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file. | 7.8 |
| 2017-07-30 | CVE-2017-11748 | Untrusted Search Path vulnerability in Softonic Spider Player 2.5.3 VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file. | 7.8 |
| 2017-07-30 | CVE-2017-11746 | Files or Directories Accessible to External Parties vulnerability in Inversepath Tenshi 0.15 Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. | 7.5 |
| 2017-07-30 | CVE-2017-11742 | Untrusted Search Path vulnerability in Libexpat Project Libexpat 2.2.1/2.2.2 The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. | 7.8 |
| 2017-07-29 | CVE-2017-11736 | SQL Injection vulnerability in Bigtreecms Bigtree CMS 4.2.18 SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter. | 8.8 |
| 2017-07-29 | CVE-2017-11723 | Path Traversal vulnerability in Xinha 0.96 Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | 7.5 |
| 2017-07-28 | CVE-2017-6257 | NULL Pointer Dereference vulnerability in Nvidia GPU Driver NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges | 8.8 |
| 2017-07-28 | CVE-2017-6256 | Improper Input Validation vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or potential escalation of privileges. | 7.8 |
| 2017-07-28 | CVE-2017-6255 | Improper Input Validation vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an improper input parameter handling may lead to a denial of service or potential escalation of privileges. | 7.8 |
| 2017-07-28 | CVE-2017-6254 | Improper Input Validation vulnerability in Nvidia GPU Driver NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from an user to the driver is used without validation which may lead to denial of service or potential escalation of privileges. | 7.8 |