CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5351 CVE-2017-9427 89 Exec Code Sql 2017-06-04 2017-06-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true.
5352 CVE-2017-9421 287 Bypass 2018-05-24 2018-06-27
6.4
None Remote Low Not required Partial Partial None
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
5353 CVE-2017-9418 89 Exec Code Sql 2017-06-12 2017-08-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
5354 CVE-2017-9414 352 XSS CSRF 2018-02-05 2018-02-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
5355 CVE-2017-9413 352 CSRF 2017-07-25 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
5356 CVE-2017-9383 287 2019-06-17 2019-06-20
6.5
None Remote Low Single system Partial Partial Partial
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal user to connect the device to an external website. It retrieves the parameter "URL" from the query string and then passes it to an internal function that uses the curl module on the device to retrieve the contents of the website.
5357 CVE-2017-9381 352 CSRF 2019-06-17 2019-06-20
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a user with the capability of installing or deleting apps on the device using the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who navigates to an attacker controlled page to install or delete an application on the device. Note: The cross-site request forgery is a systemic issue across all other functionalities of the device.
5358 CVE-2017-9380 434 Exec Code 2017-06-02 2017-06-08
6.5
None Remote Low Single system Partial Partial Partial
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
5359 CVE-2017-9379 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
5360 CVE-2017-9370 287 +Priv 2017-08-09 2017-08-24
6.5
None Remote Low Single system Partial Partial Partial
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.
5361 CVE-2017-9367 22 Dir. Trav. 2017-10-16 2017-11-08
6.8
None Remote Medium Not required Partial Partial Partial
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
5362 CVE-2017-9365 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
5363 CVE-2017-9362 611 2019-03-25 2019-04-02
6.5
None Remote Low Single system Partial Partial Partial
ManageEngine ServiceDesk Plus before 9312 contains an XML injection at add Configuration items CMDB API.
5364 CVE-2017-9333 20 Exec Code 2017-09-17 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access.
5365 CVE-2017-9325 285 2019-07-03 2019-07-11
6.4
None Remote Low Not required None Partial Partial
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
5366 CVE-2017-9324 269 +Priv 2017-06-12 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
5367 CVE-2017-9314 287 2017-11-13 2017-11-29
6.5
None Remote Low Single system Partial Partial Partial
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.
5368 CVE-2017-9301 125 DoS 2017-05-29 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
5369 CVE-2017-9300 119 DoS Overflow 2017-05-29 2017-11-22
6.8
None Remote Medium Not required Partial Partial Partial
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
5370 CVE-2017-9146 119 DoS Overflow 2017-05-22 2019-05-17
6.8
None Remote Medium Not required Partial Partial Partial
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
5371 CVE-2017-9115 Exec Code 2017-05-21 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
5372 CVE-2017-9111 Exec Code 2017-05-21 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
5373 CVE-2017-9097 22 Dir. Trav. 2017-06-15 2017-07-05
6.4
None Remote Low Not required Partial Partial None
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.
5374 CVE-2017-9096 611 2017-11-08 2019-04-30
6.8
None Remote Medium Not required Partial Partial Partial
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
5375 CVE-2017-9069 434 Exec Code 2017-05-18 2017-05-30
6.5
None Remote Low Single system Partial Partial Partial
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
5376 CVE-2017-9064 352 CSRF 2017-05-18 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
5377 CVE-2017-9043 20 DoS 2017-05-17 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
5378 CVE-2017-9042 704 DoS 2017-05-17 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
5379 CVE-2017-9033 352 CSRF 2017-05-25 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.
5380 CVE-2017-9025 119 Overflow 2017-05-17 2017-05-24
6.4
None Remote Low Not required None Partial Partial
Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.
5381 CVE-2017-8989 601 2018-08-06 2018-10-17
6.4
None Remote Low Not required Partial Partial None
A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.
5382 CVE-2017-8959 Bypass 2018-02-15 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found.
5383 CVE-2017-8930 352 CSRF 2017-05-14 2017-05-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.
5384 CVE-2017-8928 352 CSRF 2017-05-14 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
5385 CVE-2017-8927 119 DoS Overflow 2017-05-15 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
5386 CVE-2017-8926 119 DoS Overflow 2017-05-15 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
5387 CVE-2017-8913 611 2017-05-23 2018-12-10
6.5
None Remote Low Single system Partial Partial Partial
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
5388 CVE-2017-8912 94 Exec Code 2017-05-12 2017-08-15
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."
5389 CVE-2017-8907 863 Exec Code 2017-06-14 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
5390 CVE-2017-8905 682 Exec Code 2017-05-11 2019-10-02
6.8
None Local Low Single system Complete Complete Complete
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
5391 CVE-2017-8904 Exec Code 2017-05-11 2019-10-02
6.8
None Local Low Single system Complete Complete Complete
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
5392 CVE-2017-8899 200 XSS +Info 2017-05-11 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
5393 CVE-2017-8894 444 Exec Code 2017-07-02 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.
5394 CVE-2017-8874 352 CSRF 2017-05-10 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
5395 CVE-2017-8872 125 DoS 2017-05-10 2017-05-15
6.4
None Remote Low Not required Partial None Partial
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
5396 CVE-2017-8870 119 Exec Code Overflow 2017-07-27 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
5397 CVE-2017-8869 119 Exec Code Overflow 2017-07-27 2017-08-02
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
5398 CVE-2017-8854 119 Overflow 2017-05-09 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
5399 CVE-2017-8853 22 Dir. Trav. 2017-05-09 2017-05-17
6.4
None Remote Low Not required None Partial Partial
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
5400 CVE-2017-8852 119 Overflow 2017-05-10 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.