CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5801 CVE-2017-0174 19 DoS 2017-08-08 2017-08-14
6.1
None Local Network Low Not required None None Complete
Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".
5802 CVE-2017-0168 200 +Info 2017-04-12 2017-07-10
6.3
None Remote Medium Single system Complete None None
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.
5803 CVE-2017-0161 362 Exec Code 2017-09-12 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
5804 CVE-2017-0156 264 2017-04-12 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability."
5805 CVE-2017-0155 264 +Priv 2017-04-12 2017-07-10
6.9
None Local Medium Not required Complete Complete Complete
The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability."
5806 CVE-2017-0101 119 Overflow +Priv 2017-03-16 2018-04-18
6.8
None Remote Medium Not required Partial Partial Partial
The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
5807 CVE-2017-0005 264 +Priv 2017-03-16 2017-07-11
6.9
None Local Medium Not required Complete Complete Complete
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047.
5808 CVE-2017-0002 264 Bypass 2017-01-10 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
5809 CVE-2016-1000218 352 CSRF 2017-06-16 2017-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.
5810 CVE-2016-1000213 352 CSRF 2016-10-25 2017-07-06
6.8
None Remote Medium Not required Partial Partial Partial
Ruckus Wireless H500 web management interface CSRF
5811 CVE-2016-1000122 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
5812 CVE-2016-1000120 89 Sql XSS 2016-10-27 2016-12-22
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
5813 CVE-2016-1000119 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
5814 CVE-2016-1000118 79 XSS 2016-10-21 2018-05-02
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
5815 CVE-2016-1000117 79 XSS 2016-10-21 2017-01-05
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
5816 CVE-2016-1000116 79 Sql XSS 2016-10-21 2017-03-27
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
5817 CVE-2016-1000115 79 Sql XSS 2016-10-21 2017-11-13
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
5818 CVE-2016-1000000 89 Sql 2016-10-06 2017-11-02
6.5
None Remote Low Single system Partial Partial Partial
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
5819 CVE-2016-10915 352 CSRF 2019-08-20 2019-08-21
6.8
None Remote Medium Not required Partial Partial Partial
The popup-by-supsystic plugin before 1.7.9 for WordPress has CSRF.
5820 CVE-2016-10914 352 CSRF 2019-08-20 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The add-from-server plugin before 3.3.2 for WordPress has CSRF for importing a large file.
5821 CVE-2016-10905 416 2019-08-18 2019-08-23
6.1
None Local Low Not required Partial Partial Complete
An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.
5822 CVE-2016-10903 352 CSRF 2019-08-21 2019-08-23
6.8
None Remote Medium Not required Partial Partial Partial
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF.
5823 CVE-2016-10902 352 CSRF 2019-08-21 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
5824 CVE-2016-10885 352 CSRF 2019-08-14 2019-08-22
6.8
None Remote Medium Not required Partial Partial Partial
The wp-editor plugin before 1.2.6 for WordPress has CSRF.
5825 CVE-2016-10884 352 CSRF 2019-08-14 2019-08-20
6.8
None Remote Medium Not required Partial Partial Partial
The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.
5826 CVE-2016-10882 352 CSRF 2019-08-14 2019-08-19
6.8
None Remote Medium Not required Partial Partial Partial
The google-document-embedder plugin before 2.6.2 for WordPress has CSRF.
5827 CVE-2016-10876 352 CSRF 2019-08-12 2019-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.1 for WordPress has CSRF.
5828 CVE-2016-10874 352 CSRF 2019-08-12 2019-08-14
6.8
None Remote Medium Not required Partial Partial Partial
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
5829 CVE-2016-10863 352 CSRF 2019-08-08 2019-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Edimax Wi-Fi Extender devices allow goform/formwlencryptvxd CSRF with resultant PSK key disclosure.
5830 CVE-2016-10862 352 2019-08-08 2019-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page.
5831 CVE-2016-10845 74 2019-08-01 2019-08-08
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
5832 CVE-2016-10838 284 2019-08-01 2019-08-13
6.8
None Remote Low Single system Complete None None
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
5833 CVE-2016-10834 358 Bypass 2019-08-01 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
5834 CVE-2016-10831 287 2019-08-01 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).
5835 CVE-2016-10829 552 2019-08-01 2019-08-12
6.8
None Remote Low Single system Complete None None
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
5836 CVE-2016-10826 287 Bypass 2019-08-01 2019-08-05
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
5837 CVE-2016-10816 20 Exec Code 2019-08-01 2019-08-05
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
5838 CVE-2016-10814 20 2019-08-01 2019-08-13
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
5839 CVE-2016-10805 20 Exec Code 2019-08-07 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
5840 CVE-2016-10802 284 Exec Code 2019-08-07 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
5841 CVE-2016-10801 74 2019-08-07 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
5842 CVE-2016-10800 20 2019-08-07 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
5843 CVE-2016-10793 20 Exec Code 2019-08-06 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
5844 CVE-2016-10792 284 Exec Code 2019-08-06 2019-08-13
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
5845 CVE-2016-10789 20 Exec Code 2019-08-06 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
5846 CVE-2016-10775 20 2019-08-05 2019-08-12
6.8
None Remote Low Single system Complete None None
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
5847 CVE-2016-10773 134 2019-08-05 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
5848 CVE-2016-10766 352 CSRF 2019-07-29 2019-08-05
6.8
None Remote Medium Not required Partial Partial Partial
edx-platform before 2016-06-06 allows CSRF.
5849 CVE-2016-10758 434 2019-05-24 2019-05-29
6.5
None Remote Low Single system Partial Partial Partial
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the image_name parameter.
5850 CVE-2016-10757 352 Exec Code CSRF 2019-05-24 2019-05-28
6.8
None Remote Medium Not required Partial Partial Partial
In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.