CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 4 and 4.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2017-5542 79 XSS 2017-01-20 2017-01-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
2 CVE-2017-5518 918 2017-01-17 2017-01-18
4.3
None Remote Medium Not required None Partial None
The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
3 CVE-2017-5516 79 XSS 2017-01-17 2017-01-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.
4 CVE-2017-5490 79 XSS 2017-01-14 2017-01-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
5 CVE-2017-5488 79 XSS 2017-01-14 2017-01-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
6 CVE-2017-5216 119 Overflow 2017-01-09 2017-01-10
4.3
None Remote Medium Not required None None Partial
Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed version. The Support case ref is 00109744.
7 CVE-2017-3890 79 Exec Code XSS 2017-01-13 2017-01-20
4.3
None Remote Medium Not required None Partial None
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
8 CVE-2017-2947 20 Bypass 2017-01-10 2017-01-17
4.3
None Remote Medium Not required None Partial None
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF).
9 CVE-2017-2578 79 XSS 2017-01-20 2017-01-20
4.3
None Remote Medium Not required None Partial None
In Moodle 3.x, there is XSS in the assignment submission page.
10 CVE-2017-0402 200 +Info 2017-01-12 2017-01-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341.
11 CVE-2017-0401 200 +Info 2017-01-12 2017-01-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016.
12 CVE-2017-0400 200 +Info 2017-01-12 2017-01-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034.
13 CVE-2017-0399 200 +Info 2017-01-12 2017-01-17
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756.
14 CVE-2017-0398 200 +Info 2017-01-13 2017-01-18
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664.
15 CVE-2017-0397 200 +Info 2017-01-12 2017-01-18
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688.
16 CVE-2017-0396 200 +Info 2017-01-12 2017-01-18
4.3
None Remote Medium Not required Partial None None
An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965.
17 CVE-2017-0395 264 Bypass 2017-01-12 2017-01-18
4.3
None Remote Medium Not required None Partial None
An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099.
18 CVE-2016-1000155 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin wpsolr-search-engine v7.6
19 CVE-2016-1000154 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin whizz v1.0.7
20 CVE-2016-1000153 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tidio-gallery v1.1
21 CVE-2016-1000152 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tidio-form v1.0
22 CVE-2016-1000151 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tera-charts v1.0
23 CVE-2016-1000150 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin simplified-content v1.0.0
24 CVE-2016-1000149 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2
25 CVE-2016-1000148 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin s3-video v0.983
26 CVE-2016-1000147 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin recipes-writer v1.0.4
27 CVE-2016-1000146 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin pondol-formmail v1.1
28 CVE-2016-1000145 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin pondol-carousel v1.0
29 CVE-2016-1000144 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin photoxhibit v2.1.8
30 CVE-2016-1000143 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin photoxhibit v2.1.8
31 CVE-2016-1000142 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin parsi-font v4.2.5
32 CVE-2016-1000141 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin page-layout-builder v1.9.3
33 CVE-2016-1000140 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin new-year-firework v1.1.9
34 CVE-2016-1000139 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin infusionsoft v1.5.11
35 CVE-2016-1000138 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin indexisto v1.0.5
36 CVE-2016-1000137 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
37 CVE-2016-1000136 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin heat-trackr v1.0
38 CVE-2016-1000135 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hdw-tube v1.2
39 CVE-2016-1000134 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hdw-tube v1.2
40 CVE-2016-1000133 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
41 CVE-2016-1000132 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
42 CVE-2016-1000131 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin e-search v1.0
43 CVE-2016-1000130 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin e-search v1.0
44 CVE-2016-1000129 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin defa-online-image-protector v3.3
45 CVE-2016-1000128 79 XSS 2016-10-10 2016-12-22
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin anti-plagiarism v3.60
46 CVE-2016-1000127 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin ajax-random-post v2.00
47 CVE-2016-1000126 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin admin-font-editor v1.8
48 CVE-2016-1000114 79 XSS 2016-10-06 2016-11-28
4.3
None Remote Medium Not required None Partial None
XSS in huge IT gallery v1.1.5 for Joomla
49 CVE-2016-1000033 295 2016-10-25 2016-11-07
4.3
None Remote Medium Not required Partial None None
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
50 CVE-2016-1000007 79 XSS 2016-10-07 2016-11-07
4.3
None Remote Medium Not required None Partial None
Pagure 2.2.1 XSS in raw file endpoint
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.