CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
5601 CVE-2017-11508 89 +Priv Sql 2017-11-02 2017-11-22
6.5
None Remote Low Single system Partial Partial Partial
SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.
5602 CVE-2017-11475 89 Sql 2017-07-20 2017-08-29
6.5
None Remote Low Single system Partial Partial Partial
GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php.
5603 CVE-2017-11464 369 2017-07-19 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
5604 CVE-2017-11463 275 2017-12-11 2018-03-27
6.5
None Remote Low Single system Partial Partial Partial
In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a specific URI with the target user's username in an HTTP payload in order to retrieve a key/token and use it to access/update objects belonging to other users. Such objects could be user profiles, tickets, incidents, etc.
5605 CVE-2017-11455 352 CSRF 2017-08-29 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens.
5606 CVE-2017-11450 20 DoS 2017-07-19 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
5607 CVE-2017-11449 20 DoS 2017-07-19 2017-07-27
6.8
None Remote Medium Not required Partial Partial Partial
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
5608 CVE-2017-11438 269 2017-08-02 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.11, 9.1.8, 9.2.8 allow an authenticated user with the ability to create a group to add themselves to any project that is inside a subgroup.
5609 CVE-2017-11422 732 2017-07-24 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc.
5610 CVE-2017-11403 416 2017-07-17 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
5611 CVE-2017-11399 125 DoS Overflow 2017-07-17 2017-11-06
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.
5612 CVE-2017-11398 534 2018-01-19 2019-10-09
6.8
None Remote Medium Not required Partial Partial Partial
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
5613 CVE-2017-11397 426 Exec Code 2017-12-15 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system.
5614 CVE-2017-11395 78 Exec Code 2017-09-22 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.
5615 CVE-2017-11392 77 Exec Code 2017-08-03 2017-08-04
6.5
None Remote Low Single system Partial Partial Partial
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
5616 CVE-2017-11391 77 Exec Code 2017-08-03 2017-08-07
6.5
None Remote Low Single system Partial Partial Partial
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
5617 CVE-2017-11388 89 Exec Code Sql 2017-08-02 2017-08-05
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638.
5618 CVE-2017-11382 668 DoS 2017-08-03 2019-10-02
6.4
None Remote Low Not required None Partial Partial
Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350.
5619 CVE-2017-11364 295 2017-08-02 2017-08-04
6.5
None Remote Low Single system Partial Partial Partial
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
5620 CVE-2017-11350 352 CSRF 2017-09-13 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.
5621 CVE-2017-11348 22 Dir. Trav. 2017-07-17 2017-08-08
6.3
None Remote Medium Single system None Complete None
In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.
5622 CVE-2017-11347 Exec Code 2017-07-17 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.
5623 CVE-2017-11345 119 Exec Code Overflow 2017-07-17 2017-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response.
5624 CVE-2017-11335 787 DoS Exec Code Overflow 2017-07-17 2018-03-21
6.8
None Remote Medium Not required Partial Partial Partial
There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack.
5625 CVE-2017-11323 119 Exec Code Overflow 2017-08-19 2017-08-26
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substring of a filename.
5626 CVE-2017-11321 78 +Priv 2017-10-02 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
5627 CVE-2017-11319 269 +Priv 2017-12-11 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.
5628 CVE-2017-11318 78 Exec Code 2017-07-17 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.
5629 CVE-2017-11311 119 Exec Code Overflow 2017-07-17 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.
5630 CVE-2017-11310 772 2017-07-13 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The read_user_chunk_callback function in coders\png.c in ImageMagick 7.0.6-1 Q16 2017-06-21 (beta) has memory leak vulnerabilities via crafted PNG files.
5631 CVE-2017-11309 119 Exec Code Overflow 2017-11-09 2019-05-01
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
5632 CVE-2017-11292 129 Exec Code 2017-10-22 2017-12-07
6.5
None Remote Low Single system Partial Partial Partial
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution.
5633 CVE-2017-11291 918 Bypass 2017-12-09 2017-12-14
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.
5634 CVE-2017-11263 119 Exec Code Overflow Mem. Corr. 2017-08-11 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution.
5635 CVE-2017-11254 416 Exec Code 2017-08-11 2017-08-17
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.
5636 CVE-2017-11229 Bypass 2017-08-11 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).
5637 CVE-2017-11200 89 Sql 2017-07-12 2017-07-16
6.5
None Remote Low Single system Partial Partial Partial
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
5638 CVE-2017-11196 352 CSRF 2017-07-12 2017-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.
5639 CVE-2017-11193 352 CSRF 2017-07-12 2017-07-19
6.8
None Remote Medium Not required Partial Partial Partial
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page.
5640 CVE-2017-11191 384 Bypass 2017-09-27 2017-10-11
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exist in product and does not recognize this report as a valid security concern.
5641 CVE-2017-11190 119 DoS Overflow 2017-07-12 2017-07-21
6.8
None Remote Medium Not required Partial Partial Partial
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.
5642 CVE-2017-11173 2017-07-12 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed.
5643 CVE-2017-11170 772 2017-07-11 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
5644 CVE-2017-11156 732 Exec Code 2017-08-14 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors.
5645 CVE-2017-11154 434 2017-08-08 2019-10-09
6.5
None Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
5646 CVE-2017-11150 78 Exec Code 2017-08-14 2019-10-02
6.5
None Remote Low Single system Partial Partial Partial
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents.
5647 CVE-2017-11147 125 2017-07-10 2019-10-02
6.4
None Remote Low Not required Partial None Partial
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.
5648 CVE-2017-11130 345 2017-08-01 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle attackers can conduct replay attacks.
5649 CVE-2017-11116 125 DoS 2017-07-31 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file.
5650 CVE-2017-11111 119 DoS Overflow 2017-07-08 2019-03-28
6.8
None Remote Medium Not required Partial Partial Partial
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.