CVE-2017-9148 CVSS: 0.0
The TLS session cache in FreeRADIUS before 3.0.14 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS. (Last Update: 2017-05-29) (Publish Update: 2017-05-29)
CVE-2017-9138 CVSS: 0.0
There is a debug-interface vulnerability on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). After connecting locally to a router in a wired or wireless manner, one can bypass intended access restrictions by sending shell commands directly and reading their results, or by entering shell commands that change this router's username and password. (Last Update: 2017-05-21) (Publish Update: 2017-05-21)
CVE-2017-9100 CVSS: 0.0
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. (Last Update: 2017-05-21) (Publish Update: 2017-05-21)
CVE-2017-9091 CVSS: 5.0
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. (Last Update: 2017-05-24) (Publish Update: 2017-05-19)
CVE-2017-9090 CVSS: 5.0
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. (Last Update: 2017-05-24) (Publish Update: 2017-05-19)
CVE-2017-9030 CVSS: 5.0
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows a directory traversal attack that bypasses a uniqid protection mechanism and makes it easier to read arbitrary uploaded files. (Last Update: 2017-05-26) (Publish Update: 2017-05-17)
CVE-2017-8900 CVSS: 2.1
LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, allows physically proximate attackers to bypass intended AppArmor restrictions and visit the home directories of arbitrary users by establishing a guest session. (Last Update: 2017-05-26) (Publish Update: 2017-05-12)
CVE-2017-8793 CVSS: 6.8
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing that domain, giving the attacker site access in a bypass of the Same Origin Policy. (Last Update: 2017-05-17) (Publish Update: 2017-05-05)
CVE-2017-8760 CVSS: 4.3
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding. (Last Update: 2017-05-17) (Publish Update: 2017-05-05)
CVE-2017-8388 CVSS: 5.0
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request. (Last Update: 2017-05-11) (Publish Update: 2017-05-01)