CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5901 CVE-2017-2167 426 Exec Code 2017-05-12 2017-05-20
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.
5902 CVE-2017-2156 426 Exec Code 2017-04-28 2017-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.
5903 CVE-2017-2155 119 Exec Code Overflow 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.
5904 CVE-2017-2154 20 +Priv 2017-04-28 2017-05-11
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUST School 6 Premium, Hanako Police 5, JUST Police 3, Hanako 2017 trial version allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
5905 CVE-2017-2140 74 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.
5906 CVE-2017-2138 352 CSRF 2017-08-02 2017-08-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5907 CVE-2017-2133 89 Exec Code Sql 2017-10-20 2017-11-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
5908 CVE-2017-2132 20 2017-10-20 2017-11-08
6.4
None Remote Low Not required None Partial Partial
Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors.
5909 CVE-2017-2130 426 +Priv 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
5910 CVE-2017-2128 78 Exec Code 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.
5911 CVE-2017-2125 264 +Priv 2017-04-28 2017-05-10
6.5
None Remote Low Single system Partial Partial Partial
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.
5912 CVE-2017-2120 89 Exec Code Sql 2017-04-28 2017-05-03
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
5913 CVE-2017-2107 426 +Priv 2017-04-28 2017-05-10
6.9
None Local Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Self-extracting archive files created by 7-ZIP32.DLL 9.22.00.01 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
5914 CVE-2017-2102 352 CSRF 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5915 CVE-2017-2100 20 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.
5916 CVE-2017-2099 284 Exec Code 2017-04-28 2017-05-05
6.8
None Remote Medium Not required Partial Partial Partial
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors.
5917 CVE-2017-2097 352 CSRF 2017-04-28 2017-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
5918 CVE-2017-1794 264 DoS 2018-09-19 2018-11-23
6.0
None Remote Medium Single system Partial Partial Partial
IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 are vulnerable to both TEPS user privilege escalation and possible denial of service due to unconstrained memory growth. IBM X-Force ID: 137039.
5919 CVE-2017-1769 352 CSRF 2018-01-24 2018-02-08
6.8
None Remote Medium Not required Partial Partial Partial
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783.
5920 CVE-2017-1757 89 Sql 2017-12-20 2018-01-03
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.
5921 CVE-2017-1746 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 135519.
5922 CVE-2017-1731 264 +Priv 2018-01-30 2018-02-14
6.5
None Remote Low Single system Partial Partial Partial
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges.
5923 CVE-2017-1722 89 Sql 2018-04-26 2018-05-25
6.5
None Remote Low Single system Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.
5924 CVE-2017-1721 94 Exec Code 2018-04-26 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
5925 CVE-2017-1711 426 2018-02-13 2018-03-13
6.8
None Remote Medium Not required Partial Partial Partial
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
5926 CVE-2017-1693 613 2018-01-19 2018-02-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Integration Bus 9.0 and 10.0 could allow an attacker that has captured a valid session id to hijack another users session during a small timeframe before the session times out. IBM X-Force ID: 134164.
5927 CVE-2017-1672 352 CSRF 2018-01-04 2018-01-16
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639.
5928 CVE-2017-1631 352 CSRF 2017-12-20 2018-01-05
6.8
None Remote Medium Not required Partial Partial Partial
IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133140.
5929 CVE-2017-1606 89 Sql 2017-12-11 2017-12-26
6.5
None Remote Low Single system Partial Partial Partial
IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0.0 through 3.0.0.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 132926.
5930 CVE-2017-1539 264 +Priv 2017-09-26 2017-09-29
6.5
None Remote Low Single system Partial Partial Partial
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. By manipulating LDAP group membership an attack might gain privileged access. IBM X-Force ID: 130807.
5931 CVE-2017-1508 264 +Priv 2017-09-13 2017-09-27
6.8
None Local Low Single system Complete Complete Complete
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.
5932 CVE-2017-1499 434 Exec Code 2018-02-14 2018-03-09
6.5
None Remote Low Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106.
5933 CVE-2017-1467 264 2017-08-02 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.
5934 CVE-2017-1442 352 CSRF 2017-08-30 2017-09-02
6.8
None Remote Medium Not required Partial Partial Partial
IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 128107.
5935 CVE-2017-1440 284 Exec Code 2017-08-30 2017-09-02
6.5
None Remote Low Single system Partial Partial Partial
IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 128105.
5936 CVE-2017-1383 611 2017-08-02 2017-08-04
6.4
None Remote Low Not required Partial None Partial
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
5937 CVE-2017-1373 284 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.
5938 CVE-2017-1371 284 2017-07-21 2017-07-25
6.5
None Remote Low Single system Partial Partial Partial
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
5939 CVE-2017-1356 89 Sql 2017-12-07 2017-12-19
6.5
None Remote Low Single system Partial Partial Partial
IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683.
5940 CVE-2017-1352 77 Exec Code 2017-09-12 2017-09-21
6.0
None Remote Medium Single system Partial Partial Partial
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
5941 CVE-2017-1347 89 Sql 2017-06-23 2017-06-26
6.5
None Remote Low Single system Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462.
5942 CVE-2017-1322 611 2017-06-27 2017-07-05
6.4
None Remote Low Not required Partial None Partial
IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125918.
5943 CVE-2017-1311 89 Sql 2017-10-02 2017-10-11
6.5
None Remote Low Single system Partial Partial Partial
IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719.
5944 CVE-2017-1300 352 CSRF 2017-11-01 2017-11-24
6.8
None Remote Medium Not required Partial Partial Partial
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 125162.
5945 CVE-2017-1289 611 2017-05-22 2018-01-04
6.4
None Remote Low Not required Partial None Partial
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
5946 CVE-2017-1274 119 Exec Code Overflow 2017-04-25 2019-05-10
6.5
None Remote Low Single system Partial Partial Partial
IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749.
5947 CVE-2017-1258 287 2017-07-05 2017-07-14
6.4
None Remote Low Not required Partial Partial None
IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685
5948 CVE-2017-1253 78 Exec Code 2017-07-05 2017-07-17
6.5
None Remote Low Single system Partial Partial Partial
IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.
5949 CVE-2017-1222 287 2017-10-26 2017-10-31
6.4
None Remote Low Not required Partial Partial None
IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 123862.
5950 CVE-2017-1218 352 CSRF 2017-07-19 2017-10-26
6.8
None Remote Medium Not required Partial Partial Partial
IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.