Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-18 | CVE-2017-6621 | Information Exposure vulnerability in Cisco Prime Collaboration Provisioning A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. | 7.5 |
2017-05-18 | CVE-2017-3980 | Path Traversal vulnerability in Mcafee Epolicy Orchestrator A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session. | 7.2 |
2017-05-18 | CVE-2017-9069 | Unrestricted Upload of File with Dangerous Type vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess. | 8.8 |
2017-05-18 | CVE-2017-9067 | Path Traversal vulnerability in multiple products In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. | 7.0 |
2017-05-18 | CVE-2017-9066 | Server-Side Request Forgery (SSRF) vulnerability in multiple products In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF. | 8.6 |
2017-05-18 | CVE-2017-9065 | Improper Input Validation vulnerability in multiple products In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API. | 7.5 |
2017-05-18 | CVE-2017-9064 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials. | 8.8 |
2017-05-18 | CVE-2017-9062 | Open Redirect vulnerability in multiple products In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | 8.6 |
2017-05-18 | CVE-2017-9050 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. | 7.5 |
2017-05-18 | CVE-2017-9049 | Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. | 7.5 |