CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3751 CVE-2017-16871 94 Exec Code 2017-11-17 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary.
3752 CVE-2017-16870 918 2017-11-17 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary.
3753 CVE-2017-16869 119 DoS Overflow 2017-11-17 2017-12-05
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."
3754 CVE-2017-16857 284 Bypass 2017-12-05 2017-12-22
6.0
None Remote Medium Single system Partial Partial Partial
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.
3755 CVE-2017-16853 347 2017-11-16 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
3756 CVE-2017-16852 347 2017-11-16 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
3757 CVE-2017-16839 255 2018-03-29 2018-04-20
6.9
None Local Medium Not required Complete Complete Complete
Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root privileges if VMware Fusion is not installed.
3758 CVE-2017-16832 190 DoS 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
3759 CVE-2017-16831 190 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
3760 CVE-2017-16830 190 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
3761 CVE-2017-16829 125 DoS 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.
3762 CVE-2017-16828 190 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
3763 CVE-2017-16827 119 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
3764 CVE-2017-16826 119 DoS Overflow 2017-11-15 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
3765 CVE-2017-16797 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.
3766 CVE-2017-16796 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.
3767 CVE-2017-16793 119 DoS Overflow 2017-11-12 2017-11-27
6.8
None Remote Medium Not required Partial Partial Partial
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
3768 CVE-2017-16786 200 +Info 2017-12-19 2018-01-08
6.8
None Remote Low Single system Complete None None
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
3769 CVE-2017-16776 255 Bypass 2017-12-15 2018-01-02
6.8
None Remote Medium Not required Partial Partial Partial
Security researchers discovered an authentication bypass vulnerability in version 2.0.2 of the Conserus Workflow Intelligence application by McKesson Medical Imaging Company, which is now a Change Healthcare company. The attacker must send a malicious HTTP GET request to exploit the vulnerability. The vulnerability allows an attacker to bypass authentication and escalate privileges of valid users. An unauthenticated attacker can exploit the vulnerability and be granted limited access to other accounts. An authenticated attacker can exploit the vulnerability and be granted access reserved for higher privilege users.
3770 CVE-2017-16773 285 Bypass 2018-07-05 2018-09-07
6.5
None Remote Low Single system Partial Partial Partial
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
3771 CVE-2017-16772 20 Exec Code 2018-03-22 2018-04-18
6.5
None Remote Low Single system Partial Partial Partial
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter.
3772 CVE-2017-16766 74 2017-12-22 2018-01-09
6.4
None Remote Low Not required Partial Partial None
An improper access control vulnerability in synodsmnotify in Synology DiskStation Manager (DSM) before 6.1.4-15217 and before 6.0.3-8754-6 allows local users to inject arbitrary web script or HTML via the -fn option.
3773 CVE-2017-16756 352 CSRF 2018-02-19 2018-03-09
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account.
3774 CVE-2017-16751 119 Exec Code Overflow 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dpb files may allow an attacker to remotely execute arbitrary code.
3775 CVE-2017-16749 416 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
A Use-after-Free issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files could exploit a use-after-free vulnerability.
3776 CVE-2017-16747 787 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-bounds Write issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. Specially crafted .dpb files may cause the system to write outside the intended buffer area.
3777 CVE-2017-16745 704 Exec Code 2018-03-15 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
A Type Confusion issue was discovered in Delta Electronics Delta Industrial Automation Screen Editor, Version 2.00.23.00 or prior. An access of resource using incompatible type ('type confusion') vulnerability may allow an attacker to execute remote code when processing specially crafted .dpb files.
3778 CVE-2017-16744 22 Dir. Trav. 2018-08-20 2019-04-03
6.5
None Remote Low Single system Partial Partial Partial
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
3779 CVE-2017-16739 119 Exec Code Overflow 2018-01-12 2018-01-31
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.
3780 CVE-2017-16737 119 Overflow 2018-01-12 2018-01-31
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.
3781 CVE-2017-16732 416 2018-01-11 2018-01-31
6.4
None Remote Low Not required None Partial Partial
A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.
3782 CVE-2017-16727 255 2017-12-21 2018-01-09
6.4
None Remote Low Not required Partial Partial None
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic.
3783 CVE-2017-16726 326 2018-06-27 2018-08-31
6.4
None Remote Low Not required Partial Partial None
Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable.
3784 CVE-2017-16709 284 Exec Code 2018-07-11 2019-04-30
6.5
None Remote Low Single system Partial Partial Partial
Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote authenticated administrators to execute arbitrary code via unspecified vectors.
3785 CVE-2017-16690 426 Exec Code 2017-12-12 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 folder) from the folder the executable is in and not from the system location. The desired behavior is that system dlls are only loaded from the system folders. If a dll with the same name as the system dll is located in the same folder as the executable, this dll is loaded and code is executed.
3786 CVE-2017-16689 287 2017-12-12 2018-01-04
6.5
None Remote Low Single system Partial Partial Partial
A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined.
3787 CVE-2017-16682 94 Exec Code 2017-12-12 2017-12-22
6.5
None Remote Low Single system Partial Partial Partial
SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application.
3788 CVE-2017-16678 918 2017-12-12 2018-01-02
6.5
None Remote Low Single system Partial Partial Partial
Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application.
3789 CVE-2017-16671 119 Overflow 2017-11-08 2018-11-25
6.5
None Remote Low Single system Partial Partial Partial
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
3790 CVE-2017-16670 94 Exec Code 2018-02-19 2018-03-19
6.8
None Remote Medium Not required Partial Partial Partial
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
3791 CVE-2017-16669 119 DoS Overflow 2017-11-08 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
3792 CVE-2017-16664 94 Exec Code 2017-11-21 2019-05-08
6.5
None Remote Low Single system Partial Partial Partial
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
3793 CVE-2017-16606 417 Exec Code Bypass 2018-01-22 2018-02-06
6.5
None Remote Low Single system Partial Partial Partial
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp._3d.add_005f3d_005fview_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5197.
3794 CVE-2017-16603 417 Exec Code Bypass 2018-01-22 2018-02-06
6.5
None Remote Low Single system Partial Partial Partial
This vulnerability allows remote attackers to execute code by creating arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.settings.upload_005ffile_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate user-supplied data, which can allow for the upload of files. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5194.
3795 CVE-2017-16602 134 Exec Code Bypass 2018-01-22 2018-02-06
6.5
None Remote Low Single system Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.exec_jsp servlet, which listens on TCP port 8081 by default. When parsing the command parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5193.
3796 CVE-2017-16598 417 Exec Code Bypass 2018-01-22 2018-02-06
6.5
None Remote Low Single system Partial Partial Partial
This vulnerability allows remote attackers to execute code by overwriting arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.tools.snmpwalk.snmpwalk_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the ip parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5138.
3797 CVE-2017-16590 287 Exec Code Bypass 2018-01-22 2018-02-12
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the lack of proper string matching inside the doFilter method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of Administrator. Was ZDI-CAN-5099.
3798 CVE-2017-16587 416 Exec Code 2017-12-20 2017-12-28
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5296.
3799 CVE-2017-16586 416 Exec Code 2017-12-20 2017-12-28
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addAnnot method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5295.
3800 CVE-2017-16585 416 Exec Code 2017-12-20 2017-12-28
6.8
None Remote Medium Not required Partial Partial Partial
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.response method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5294.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.