CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2017

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1002151 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization
2 CVE-2017-1002150 CSRF 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection
3 CVE-2017-1002100 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
4 CVE-2017-1002028 Sql 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query.
5 CVE-2017-1002027 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php.
6 CVE-2017-1002026 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
7 CVE-2017-1002025 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
8 CVE-2017-1002024 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
9 CVE-2017-1002023 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php
10 CVE-2017-1002022 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query.
11 CVE-2017-1002021 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query.
12 CVE-2017-1002020 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query.
13 CVE-2017-1002019 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
14 CVE-2017-1002018 89 Sql 2017-09-14 2017-09-18
7.5
None Remote Low Not required Partial Partial Partial
Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter.
15 CVE-2017-1002017 XSS 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability.
16 CVE-2017-1002016 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files.
17 CVE-2017-1002015 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.
18 CVE-2017-1002014 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.
19 CVE-2017-1002013 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.
20 CVE-2017-1002012 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.
21 CVE-2017-1002011 XSS 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.
22 CVE-2017-1002010 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function.
23 CVE-2017-1002009 Sql 2017-09-14 2017-09-14
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete function.
24 CVE-2017-1002008 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin membership-simplified-for-oap-members-only v1.58, The file download code located membership-simplified-for-oap-members-only/download.php does not check whether a user is logged in and has download privileges.
25 CVE-2017-1002007 285 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_mail.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
26 CVE-2017-1002006 285 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/save_contact.php doesn't check that the user is authorized before injecting new contacts into the wp_contact table.
27 CVE-2017-1002005 20 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query.
28 CVE-2017-1002004 20 2017-09-14 2017-09-18
5.0
None Remote Low Not required None Partial None
Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query.
29 CVE-2017-1002003 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
30 CVE-2017-1002002 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
31 CVE-2017-1002001 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
32 CVE-2017-1002000 2017-09-14 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
33 CVE-2017-1000251 Exec Code Overflow 2017-09-12 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
34 CVE-2017-1000250 +Info 2017-09-12 2017-09-15
0.0
None ??? ??? ??? ??? ??? ???
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
35 CVE-2017-1000249 2017-09-11 2017-09-11
0.0
None ??? ??? ??? ??? ??? ???
An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017).
36 CVE-2017-1000083 77 Exec Code 2017-09-05 2017-09-06
6.8
None Remote Medium Not required Partial Partial Partial
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
37 CVE-2017-14580 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."
38 CVE-2017-14579 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70."
39 CVE-2017-14578 DoS 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4."
40 CVE-2017-14577 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d."
41 CVE-2017-14576 DoS 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281."
42 CVE-2017-14575 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c."
43 CVE-2017-14574 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490."
44 CVE-2017-14573 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a."
45 CVE-2017-14572 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b."
46 CVE-2017-14571 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706."
47 CVE-2017-14570 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."
48 CVE-2017-14569 DoS 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5."
49 CVE-2017-14568 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630."
50 CVE-2017-14567 DoS Exec Code 2017-09-18 2017-09-18
0.0
None ??? ??? ??? ??? ??? ???
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b."
Total number of vulnerabilities : 762   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.