CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-5520 19 2017-01-17 2017-01-18
6.5
None Remote Low Single system Partial Partial Partial
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
2 CVE-2017-5492 352 CSRF 2017-01-14 2017-01-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php.
3 CVE-2017-5489 352 CSRF 2017-01-14 2017-01-18
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload.
4 CVE-2017-5476 352 CSRF 2017-01-14 2017-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin.
5 CVE-2017-5475 352 CSRF 2017-01-14 2017-01-17
6.8
None Remote Medium Not required Partial Partial Partial
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments.
6 CVE-2017-5473 352 CSRF 2017-01-14 2017-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.
7 CVE-2017-5364 119 DoS Exec Code Overflow Mem. Corr. 2017-01-13 2017-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0.
8 CVE-2017-5347 89 Exec Code Sql 2017-01-12 2017-01-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php.
9 CVE-2017-5346 89 Exec Code Sql 2017-01-12 2017-01-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
10 CVE-2017-5345 89 Exec Code Sql 2017-01-12 2017-01-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI.
11 CVE-2017-5209 119 DoS Overflow +Info 2017-01-11 2017-01-13
6.4
None Remote Low Not required Partial None Partial
The base64decode function in base64.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
12 CVE-2017-0382 284 Exec Code 2017-01-12 2017-01-18
6.8
None Remote Medium Not required Partial Partial Partial
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.
13 CVE-2017-0002 264 Bypass 2017-01-10 2017-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
14 CVE-2016-1000213 352 CSRF 2016-10-25 2016-11-07
6.8
None Remote Medium Not required Partial Partial Partial
Ruckus Wireless H500 web management interface CSRF
15 CVE-2016-1000122 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
16 CVE-2016-1000120 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
17 CVE-2016-1000119 79 XSS 2016-10-21 2017-01-17
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
18 CVE-2016-1000118 79 XSS 2016-10-21 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
19 CVE-2016-1000117 79 XSS 2016-10-21 2017-01-05
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
20 CVE-2016-1000116 79 Sql XSS 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS
21 CVE-2016-1000115 79 Sql XSS 2016-10-21 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS
22 CVE-2016-1000000 89 Sql 2016-10-06 2017-01-17
6.5
None Remote Low Single system Partial Partial Partial
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
23 CVE-2016-10125 798 2017-01-09 2017-01-12
6.8
None Remote Medium Not required Partial Partial Partial
D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session.
24 CVE-2016-10088 416 DoS 2016-12-30 2017-01-06
6.9
None Local Medium Not required Complete Complete Complete
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.
25 CVE-2016-10085 284 File Inclusion 2016-12-30 2017-01-03
6.5
None Remote Low Single system Partial Partial Partial
admin/languages.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the tab parameter.
26 CVE-2016-10084 284 File Inclusion 2016-12-30 2017-01-03
6.5
None Remote Low Single system Partial Partial Partial
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
27 CVE-2016-10072 264 Exec Code 2016-12-27 2016-12-28
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer."
28 CVE-2016-10045 77 Exec Code 2016-12-30 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
The isMail transport in PHPMailer before 5.2.20, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
29 CVE-2016-10033 77 Exec Code 2016-12-30 2017-01-06
6.8
None Remote Medium Not required Partial Partial Partial
The mailSend function in the isMail transport in PHPMailer before 5.2.18, when the Sender property is not set, might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted From address.
30 CVE-2016-10031 264 Exec Code 2016-12-27 2016-12-30
6.9
None Local Medium Not required Complete Complete Complete
** DISPUTED ** WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer."
31 CVE-2016-10010 264 +Priv 2017-01-04 2017-01-06
6.9
None Local Medium Not required Complete Complete Complete
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
32 CVE-2016-9920 284 Exec Code 2016-12-08 2016-12-14
6.0
None Remote Medium Single system Partial Partial Partial
steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.
33 CVE-2016-9866 352 CSRF 2016-12-10 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in phpMyAdmin. When the arg_separator is different from its default & value, the CSRF token was not properly stripped from the return URL of the preference import action. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
34 CVE-2016-9864 89 Sql 2016-12-10 2016-12-23
6.0
None Remote Medium Single system Partial Partial Partial
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
35 CVE-2016-9832 74 Exec Code 2016-12-09 2016-12-27
6.5
None Remote Low Single system Partial Partial Partial
PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code via (1) SAPGUI or (2) Internet Communication Framework (ICF) over HTTP or HTTPS, as demonstrated by WEBGUI or Report.
36 CVE-2016-9809 125 2017-01-13 2017-01-17
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
37 CVE-2016-9777 125 DoS +Priv 2016-12-28 2016-12-30
6.9
None Local Medium Not required Complete Complete Complete
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.
38 CVE-2016-9675 119 Exec Code Overflow 2016-12-22 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.
39 CVE-2016-9563 284 2016-11-22 2016-11-29
6.0
None Remote Medium Single system Partial Partial Partial
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
40 CVE-2016-9480 119 DoS Overflow +Info 2016-11-29 2016-12-22
6.4
None Remote Low Not required Partial None Partial
libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
41 CVE-2016-9429 119 DoS Exec Code Overflow 2016-12-11 2016-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
42 CVE-2016-9428 119 DoS Exec Code Overflow 2016-12-11 2016-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
43 CVE-2016-9426 190 DoS Exec Code Overflow 2016-12-11 2016-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.
44 CVE-2016-9425 119 DoS Exec Code Overflow 2016-12-11 2016-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
45 CVE-2016-9424 119 DoS Exec Code Overflow 2016-12-11 2016-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.
46 CVE-2016-9423 119 DoS Exec Code Overflow 2016-12-11 2016-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
47 CVE-2016-9422 119 DoS Exec Code Overflow 2016-12-11 2016-12-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.
48 CVE-2016-9318 611 2016-11-15 2016-11-29
6.8
None Remote Medium Not required Partial Partial Partial
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
49 CVE-2016-9310 400 2017-01-13 2017-01-17
6.4
None Remote Low Not required Partial None Partial
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
50 CVE-2016-9272 89 DoS Sql 2016-11-11 2016-11-29
6.4
None Remote Low Not required Partial None Partial
A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.