CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9201 CVE-2017-17930 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.
9202 CVE-2017-17920 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
9203 CVE-2017-17919 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
9204 CVE-2017-17917 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
9205 CVE-2017-17916 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
9206 CVE-2017-17915 125 2017-12-27 2020-02-10
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
9207 CVE-2017-17913 125 2017-12-27 2020-02-10
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
9208 CVE-2017-17912 125 2017-12-27 2020-02-10
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
9209 CVE-2017-17908 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
9210 CVE-2017-17905 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
9211 CVE-2017-17903 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
9212 CVE-2017-17894 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Readymade Job Site Script has CSRF via the /job URI.
9213 CVE-2017-17891 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Readymade Video Sharing Script has CSRF via user-profile-edit.php.
9214 CVE-2017-17880 125 2017-12-27 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
9215 CVE-2017-17879 125 2017-12-27 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
9216 CVE-2017-17874 434 2017-12-27 2018-01-11
6.5
None Remote Low ??? Partial Partial Partial
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.
9217 CVE-2017-17866 119 DoS Overflow 2017-12-27 2019-03-11
6.8
None Remote Medium Not required Partial Partial Partial
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
9218 CVE-2017-17858 119 Exec Code Overflow 2018-01-22 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
9219 CVE-2017-17835 352 CSRF 2019-01-23 2019-01-25
6.8
None Remote Medium Not required Partial Partial Partial
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
9220 CVE-2017-17831 20 Exec Code 2017-12-21 2019-08-01
6.8
None Remote Medium Not required Partial Partial Partial
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
9221 CVE-2017-17830 352 CSRF 2017-12-21 2018-01-03
6.0
None Remote Medium ??? Partial Partial Partial
Bus Booking Script has CSRF via admin/new_master.php.
9222 CVE-2017-17829 89 Sql 2017-12-21 2018-01-03
6.5
None Remote Low ??? Partial Partial Partial
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
9223 CVE-2017-17827 352 CSRF 2017-12-21 2018-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
9224 CVE-2017-17809 426 2017-12-20 2020-05-11
6.8
None Remote Medium Not required Partial Partial Partial
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.
9225 CVE-2017-17789 119 Overflow 2017-12-20 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
9226 CVE-2017-17787 125 2017-12-20 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
9227 CVE-2017-17786 125 2017-12-20 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
9228 CVE-2017-17785 119 Overflow 2017-12-20 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
9229 CVE-2017-17784 125 2017-12-20 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
9230 CVE-2017-17782 125 2017-12-20 2020-01-27
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
9231 CVE-2017-17774 352 CSRF 2017-12-20 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
admin/configuration.php in Piwigo 2.9.2 has CSRF.
9232 CVE-2017-17751 2018-03-24 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
Bose SoundTouch devices allows remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.
9233 CVE-2017-17743 287 2018-03-22 2018-04-18
6.5
None Remote Low ??? Partial Partial Partial
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
9234 CVE-2017-17738 2017-12-18 2019-10-03
6.4
None Remote Low Not required None Partial Partial
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
9235 CVE-2017-17727 434 Exec Code 2017-12-18 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
9236 CVE-2017-17715 22 Dir. Trav. 2017-12-16 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
9237 CVE-2017-17712 362 Exec Code +Priv 2017-12-16 2018-04-04
6.9
None Local Medium Not required Complete Complete Complete
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
9238 CVE-2017-17707 862 2018-07-31 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.
9239 CVE-2017-17695 89 Sql 2017-12-15 2017-12-21
6.5
None Remote Low ??? Partial Partial Partial
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
9240 CVE-2017-17677 732 Exec Code 2021-05-19 2021-06-01
6.5
None Remote Low ??? Partial Partial Partial
BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.
9241 CVE-2017-17670 416 2017-12-15 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be changed between a read operation and a free operation.
9242 CVE-2017-17665 862 Bypass 2017-12-13 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
9243 CVE-2017-17615 89 Sql 2017-12-13 2017-12-26
6.5
None Remote Low ??? Partial Partial Partial
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
9244 CVE-2017-17566 DoS +Priv 2017-12-12 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
9245 CVE-2017-17564 388 DoS +Priv 2017-12-12 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
9246 CVE-2017-17563 119 DoS Overflow +Priv 2017-12-12 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
9247 CVE-2017-17562 20 Exec Code 2017-12-12 2018-04-20
6.8
None Remote Medium Not required Partial Partial Partial
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
9248 CVE-2017-17561 Exec Code 2017-12-12 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.
9249 CVE-2017-17557 119 Exec Code Overflow 2018-04-24 2018-06-05
6.8
None Remote Medium Not required Partial Partial Partial
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.
9250 CVE-2017-17552 352 Bypass CSRF 2018-02-07 2018-03-13
6.8
None Remote Medium Not required Partial Partial Partial
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.