CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-12910 Exec Code Sql 2017-08-17 2017-08-17
0.0
None ??? ??? ??? ??? ??? ???
SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter.
2 CVE-2017-12909 Exec Code Sql 2017-08-17 2017-08-17
0.0
None ??? ??? ??? ??? ??? ???
SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
3 CVE-2017-12908 Exec Code Sql 2017-08-17 2017-08-17
0.0
None ??? ??? ??? ??? ??? ???
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter.
4 CVE-2017-12907 XSS 2017-08-17 2017-08-17
0.0
None ??? ??? ??? ??? ??? ???
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
5 CVE-2017-12892 2017-08-16 2017-08-16
0.0
None ??? ??? ??? ??? ??? ???
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
6 CVE-2017-12880 2017-08-16 2017-08-16
0.0
None ??? ??? ??? ??? ??? ???
In PyJWT 1.5.0 and below the 'invalid_strings' check in 'HMACAlgorithm.prepare_key' does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string '-----BEGIN RSA PUBLIC KEY-----' which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
7 CVE-2017-12864 DoS Exec Code Overflow 2017-08-15 2017-08-15
0.0
None ??? ??? ??? ??? ??? ???
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
8 CVE-2017-12863 DoS Exec Code Overflow 2017-08-15 2017-08-15
0.0
None ??? ??? ??? ??? ??? ???
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has a integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
9 CVE-2017-12862 DoS Exec Code Overflow 2017-08-15 2017-08-15
0.0
None ??? ??? ??? ??? ??? ???
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier.
10 CVE-2017-12855 2017-08-15 2017-08-16
0.0
None ??? ??? ??? ??? ??? ???
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the status bits too early, incorrectly informing the guest that the grant is no longer in use. A guest may prematurely believe that a granted frame is safely private again, and reuse it in a way which contains sensitive information, while the domain on the far end of the grant is still using the grant. Xen 4.9, 4.8, 4.7, 4.6, and 4.5 are affected.
11 CVE-2017-12853 CSRF 2017-08-14 2017-08-14
0.0
None ??? ??? ??? ??? ??? ???
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
12 CVE-2017-12852 2017-08-15 2017-08-15
0.0
None ??? ??? ??? ??? ??? ???
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
13 CVE-2017-12851 2017-08-14 2017-08-14
0.0
None ??? ??? ??? ??? ??? ???
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
14 CVE-2017-12850 2017-08-14 2017-08-14
0.0
None ??? ??? ??? ??? ??? ???
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
15 CVE-2017-12799 DoS Overflow 2017-08-10 2017-08-15
0.0
None ??? ??? ??? ??? ??? ???
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
16 CVE-2017-12798 XSS 2017-08-10 2017-08-10
0.0
None ??? ??? ??? ??? ??? ???
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.
17 CVE-2017-12777 XSS 2017-08-09 2017-08-09
0.0
None ??? ??? ??? ??? ??? ???
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some parameter to usersearch.php.
18 CVE-2017-12774 2017-08-09 2017-08-09
0.0
None ??? ??? ??? ??? ??? ???
finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
19 CVE-2017-12762 Overflow 2017-08-09 2017-08-11
0.0
None ??? ??? ??? ??? ??? ???
In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.
20 CVE-2017-12756 2017-08-09 2017-08-09
0.0
None ??? ??? ??? ??? ??? ???
Command inject in transfer from another server in extplorer 2.1.9 and prior allows attacker to inject command via the userfile[0] parameter.
21 CVE-2017-12754 Exec Code Overflow 2017-08-09 2017-08-09
0.0
None ??? ??? ??? ??? ??? ???
Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by sending a crafted http GET request packet that includes a long delete_offline_client parameter in the url.
22 CVE-2017-12678 264 DoS 2017-08-07 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
23 CVE-2017-12677 79 XSS +Info 2017-08-07 2017-08-16
4.3
None Remote Medium Not required None Partial None
IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.
24 CVE-2017-12676 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
25 CVE-2017-12675 119 DoS Overflow 2017-08-07 2017-08-08
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a missing check for multidimensional data was found in coders/mat.c, leading to a memory leak in the function ReadImage in MagickCore/constitute.c, which allows attackers to cause a denial of service.
26 CVE-2017-12674 399 DoS 2017-08-07 2017-08-08
7.1
None Remote Medium Not required None None Complete
In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.
27 CVE-2017-12673 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.
28 CVE-2017-12672 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
29 CVE-2017-12671 416 DoS 2017-08-07 2017-08-08
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/png.c, leading to an invalid free in the function RelinquishMagickMemory in MagickCore/memory.c, which allows attackers to cause a denial of service.
30 CVE-2017-12670 20 DoS 2017-08-07 2017-08-11
4.3
None Remote Medium Not required None None Partial
In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service.
31 CVE-2017-12669 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.
32 CVE-2017-12668 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
33 CVE-2017-12667 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.
34 CVE-2017-12666 119 Overflow 2017-08-07 2017-08-10
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.
35 CVE-2017-12665 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage in coders/pict.c.
36 CVE-2017-12664 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
37 CVE-2017-12663 119 Overflow 2017-08-07 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.
38 CVE-2017-12662 119 Overflow 2017-08-07 2017-08-10
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.
39 CVE-2017-12655 79 XSS 2017-08-07 2017-08-15
4.3
None Remote Medium Not required None Partial None
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
40 CVE-2017-12654 119 DoS Overflow 2017-08-07 2017-08-10
4.3
None Remote Medium Not required None None Partial
The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.
41 CVE-2017-12653 2017-08-07 2017-08-07
0.0
None ??? ??? ??? ??? ??? ???
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
42 CVE-2017-12651 352 CSRF 2017-08-07 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
43 CVE-2017-12650 89 Sql 2017-08-07 2017-08-15
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.
44 CVE-2017-12649 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
45 CVE-2017-12648 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
46 CVE-2017-12647 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
47 CVE-2017-12646 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
48 CVE-2017-12645 79 XSS 2017-08-07 2017-08-09
4.3
None Remote Medium Not required None Partial None
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
49 CVE-2017-12644 119 Overflow 2017-08-07 2017-08-09
6.8
None Remote Medium Not required Partial Partial Partial
ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.
50 CVE-2017-12643 399 2017-08-07 2017-08-10
7.1
None Remote Medium Not required None None Complete
ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJNGImage in coders\png.c.
Total number of vulnerabilities : 906   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.