Web Application Vulnerabilities
v.26.4.2314
High Severity Vulnerabilities
Found 13053 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Reachable SharePoint interface | - | CWE-200 | High |
| SharePoint user enumeration | - | CWE-200 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service (S2-020) | CVE-2014-0050 | CWE-701 | High |
| Apache Struts 2 ClassLoader manipulation and denial of service | CVE-2014-0114 | CWE-701 | High |
| Multiple critical vulnerabilities in Apache Struts2 | CVE-2012-0393 | CWE-917 | High |
| Struts2/XWork remote command execution (S2-014) | CVE-2013-2115 | CWE-94 | High |
| Struts 2 development mode | - | CWE-489 | High |
| TCPDF arbitrary file read | - | CWE-98 | High |
| timthumb.php remote code execution | CVE-2011-4106 | CWE-20 | High |
| TimThumb WebShot remote code execution | - | CWE-94 | High |
| Apache Tomcat JK connector security bypass | CVE-2007-1860 | CWE-200 | High |
| ToolsPack malware plugin | - | CWE-95 | High |
| Umbraco CMS local file inclusion | - | CWE-98 | High |
| Umbraco CMS TemplateService remote code execution | CVE-2013-4793 | CWE-94 | High |
| Umbraco CMS remote code execution | - | CWE-94 | High |
| Uncontrolled format string | - | CWE-134 | High |
| VirtueMart access control bypass | - | CWE-287 | High |
| WEBrick v.1.3 directory traversal | CVE-2008-1145 | CWE-22 | High |
| WordPress plugin WPtouch insecure nonce generation | - | CWE-287 | High |
| WebLogic Server Side Request Forgery | CVE-2014-4242 | CWE-918 | High |
| IBM WebSphere/WebLogic application source file exposure | - | CWE-200 | High |
| WooFramework shortcode exploit | - | CWE-95 | High |
| WordPress debug mode | - | CWE-200 | High |
| WordPress plugin Slider Revolution arbitrary file disclosure | - | CWE-200 | High |
| WordPress OptimizePress unrestricted file upload | CVE-2013-7102 | CWE-20 | High |
| WordPress MailPoet Newsletters (wysija-newsletters) unauthenticated file upload | - | CWE-434 | High |
| X-Forwarded-For HTTP header security bypass | - | CWE-287 | High |
| XML quadratic blowup denial of service attack | - | CWE-400 | High |
| XSLT injection | - | CWE-91 | High |
| Zabbix 2.0.8 SQL injection | CVE-2013-5743 | CWE-89 | High |
| Zend framework configuration file information disclosure | - | CWE-538 | High |
| Zend Framework local file disclosure via XXE injection | CVE-2015-5161 | CWE-611 | High |
| CKEditor 4.0.1 cross-site scripting vulnerability | - | CWE-79 | High |
| Drupal core 7.x SQL injection vulnerability | CVE-2014-3704 | CWE-89 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4554 | CWE-434 | High |
| Ektron CMS400.NET ContentRatingGraph.aspx SQL injection | CVE-2008-5122 | CWE-89 | High |
| Ektron CMS multiple vulnerabilities | - | CWE-434 | High |
| Ektron CMS unauthenticated code execution and Local File Read | CVE-2012-5358 | CWE-20 | High |
| Elasticsearch service accessible | - | CWE-200 | High |
| Elasticsearch remote code execution | CVE-2014-3120 | CWE-78 | High |
| Ext JS arbitrary file read | - | CWE-22 | High |
| Gallery 3.0.4 remote code execution | - | CWE-20 | High |
| Horde/IMP Plesk webmail exploit | - | CWE-20 | High |
| Invision Power Board version 3.3.4 unserialize PHP code execution | CVE-2012-5692 | CWE-20 | High |
| Joomla! 1.6/1.7/2.5 privilege escalation vulnerability | CVE-2012-1563 | CWE-269 | High |
| Joomla! 1.6.0 SQL injection vulnerability | CVE-2011-1151 | CWE-89 | High |
| Joomla! 1.7/2.5 SQL injection vulnerability | CVE-2012-1116 | CWE-89 | High |
| Kayako Fusion v4.51.1891 - multiple web vulnerabilities | - | CWE-79 | High |
| Liferay JSON service API authentication vulnerability | - | CWE-287 | High |
| lighttpd v1.4.34 SQL injection and path traversal | CVE-2014-2324 | CWE-89 | High |
| IBM Lotus Domino web server Cross-Site Scripting vulnerabilities | CVE-2012-3302 | CWE-79 | High |
| MediaWiki multiple remote vulnerabilities | CVE-2012-4378 | CWE-79 | High |
| MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities | CVE-2012-6081 | CWE-434 | High |
| Vulnerabilities in SharePoint could allow elevation of privilege | CVE-2012-1859 | CWE-79 | High |
| Nginx memory disclosure with specially crafted HTTP backend responses | CVE-2012-1180 | CWE-416 | High |
| Unrestricted file upload vulnerability in ofc_upload_image.php | CVE-2009-4140 | CWE-434 | High |
| OpenX 2.8.10 backdoor | CVE-2013-4211 | CWE-95 | High |
| phpLiteAdmin default password | - | CWE-200 | High |
| phpMoAdmin remote code execution | - | CWE-95 | High |
| phpMyAdmin v3.5.2.2 backdoor | CVE-2012-5159 | CWE-95 | High |
| Roundcube security updates 0.8.6 and 0.7.3 | CVE-2013-1904 | CWE-22 | High |
| SQL Injection in Symphony | CVE-2013-2559 | CWE-89 | High |
| Typo3 core sanitizeLocalUrl() non-persistent cross-site scripting | CVE-2015-5956 | CWE-79 | High |
| vBulletin 5.1.2 SQL injection | CVE-2014-5102 | CWE-89 | High |
| vBulletin 5 CONNECT remote code execution | - | CWE-94 | High |
| vBulletin PHP object injection vulnerability | - | CWE-915 | High |
| vBSEO 3.6.0 PHP code injection | CVE-2012-5223 | CWE-94 | High |
| vBulletin 4 (up to 4.1.2) search.php SQL injection | - | CWE-89 | High |
| vBulletin customer number disclosure | CVE-2013-6129 | CWE-200 | High |
| CodeIgniter weak encryption key | - | CWE-200 | High |
| Ruby on Rails weak/known secret token | CVE-2013-0156 | CWE-200 | High |
| webadmin.php script | - | CWE-552 | High |
| WordPress W3 Total Cache plugin predictable cache filenames | CVE-2012-6079 | CWE-200 | High |
| WordPress caching plugins PHP code execution | CVE-2013-2010 | CWE-95 | High |
| Apache Geronimo default administrative credentials | - | CWE-693 | High |