Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-28 CVE-2017-2125 Unspecified vulnerability in Allied Telesis K.K. Centrecom Ar260S V2 Firmware
Privilege escalation vulnerability in CentreCOM AR260S V2 allows remote authenticated attackers to gain privileges via the guest account.
network
low complexity
allied-telesis-k-k
8.8
2017-04-28 CVE-2017-2120 SQL Injection vulnerability in Wbce CMS
SQL injection vulnerability in WBCE CMS 1.1.10 and earlier allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
wbce CWE-89
7.2
2017-04-28 CVE-2017-2119 Path Traversal vulnerability in Wbce CMS
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
wbce CWE-22
8.6
2017-04-28 CVE-2017-2113 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Iodata products
Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
low complexity
iodata CWE-119
8.8
2017-04-28 CVE-2017-2112 OS Command Injection vulnerability in Iodata products
TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.
low complexity
iodata CWE-78
8.8
2017-04-28 CVE-2017-2108 Untrusted Search Path vulnerability in Softbank Primedrive Desktop Application 1.4.3
Untrusted search path vulnerability in PrimeDrive Desktop Application 1.4.3 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
softbank CWE-426
7.8
2017-04-28 CVE-2017-2107 Untrusted Search Path vulnerability in Akky 7-Zip32.Dll
Untrusted search path vulnerability in self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
akky CWE-426
7.8
2017-04-28 CVE-2017-2102 Cross-Site Request Forgery (CSRF) vulnerability in IPA Appgoat 3.0.0
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
ipa CWE-352
8.8
2017-04-28 CVE-2017-2101 Improper Authentication vulnerability in IPA Appgoat 3.0.0
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.
network
low complexity
ipa CWE-287
7.3
2017-04-28 CVE-2017-2097 Cross-Site Request Forgery (CSRF) vulnerability in Support-Project Knowledge
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
network
low complexity
support-project CWE-352
8.8