Security Vulnerabilities
- CVEs Published In September 2017
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.