Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-17 | CVE-2017-5521 | Unspecified vulnerability in Netgear products An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. | 8.1 |
| 2017-01-17 | CVE-2017-5520 | Unrestricted Upload of File with Dangerous Type vulnerability in Metalgenix Genixcms The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions. | 8.8 |
| 2017-01-17 | CVE-2017-5518 | Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | 7.4 |
| 2017-01-16 | CVE-2016-7904 | Cross-Site Request Forgery (CSRF) vulnerability in Cmsmadesimple CMS Made Simple Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request. | 8.0 |
| 2017-01-15 | CVE-2017-5480 | Path Traversal vulnerability in B2Evolution Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. | 8.1 |
| 2017-01-15 | CVE-2017-5493 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wordpress wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. | 7.5 |
| 2017-01-15 | CVE-2017-5492 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php. | 8.8 |
| 2017-01-15 | CVE-2017-5489 | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload. | 8.8 |
| 2017-01-15 | CVE-2017-2584 | Use After Free vulnerability in Linux Kernel arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | 7.1 |
| 2017-01-14 | CVE-2016-8207 | Path Traversal vulnerability in Brocade Network Advisor 11.0.0.0/11.0.2.0 A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information. | 7.5 |