Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-02 | CVE-2017-2288 | Uncontrolled Search Path Element vulnerability in Lhaforge Project Lhaforge Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-08-02 | CVE-2017-2287 | Uncontrolled Search Path Element vulnerability in Sony NFC Port Software Remover 1.3.0.1 Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-08-02 | CVE-2017-2286 | Uncontrolled Search Path Element vulnerability in Sony products Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-08-02 | CVE-2017-2283 | Use of Hard-coded Credentials vulnerability in Iodata Wn-G300R3 Firmware WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | 8.0 |
| 2017-08-02 | CVE-2017-2281 | OS Command Injection vulnerability in Iodata Wn-Ax1167Gr Firmware 3.00 WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 8.8 |
| 2017-08-02 | CVE-2017-2280 | Use of Hard-coded Credentials vulnerability in Iodata Wn-Ax1167Gr Firmware 3.00 WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. | 8.8 |
| 2017-08-02 | CVE-2017-2279 | Untrusted Search Path vulnerability in Kiri Tween Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-08-02 | CVE-2017-2138 | Cross-Site Request Forgery (CSRF) vulnerability in Cs-Cart and Cs-Cart Multivendor Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 |
| 2017-08-02 | CVE-2017-11364 | Improper Certificate Validation vulnerability in Joomla Joomla! The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | 8.8 |
| 2017-08-01 | CVE-2017-8663 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Outlook Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability" | 7.8 |