CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10701 CVE-2017-6574 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
10702 CVE-2017-6573 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
10703 CVE-2017-6572 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
10704 CVE-2017-6571 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
10705 CVE-2017-6570 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
10706 CVE-2017-6565 862 2017-05-01 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag user, which can be obtained by exploiting CVE-2013-7247, has the ability to upload files to the server hosting the web service. As no sanitization checks are in place, an attacker can upload a malicious payload.
10707 CVE-2017-6557 89 Exec Code Sql 2017-05-05 2017-05-17
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
10708 CVE-2017-6543 +Priv 2017-03-08 2019-10-03
6.0
None Remote Medium ??? Partial Partial Partial
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows.
10709 CVE-2017-6529 613 2017-03-09 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
10710 CVE-2017-6520 417 DoS +Info 2017-05-01 2017-05-16
6.4
None Remote Low Not required Partial None Partial
The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
10711 CVE-2017-6519 346 DoS +Info 2017-05-01 2020-07-29
6.4
None Remote Low Not required Partial None Partial
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
10712 CVE-2017-6513 275 2017-03-11 2017-04-13
6.5
None Remote Low ??? Partial Partial Partial
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL.
10713 CVE-2017-6460 119 Overflow 2017-03-27 2017-10-24
6.5
None Remote Low ??? Partial Partial Partial
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
10714 CVE-2017-6458 119 Overflow 2017-03-27 2021-06-09
6.5
None Remote Low ??? Partial Partial Partial
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
10715 CVE-2017-6448 119 DoS Overflow 2017-04-03 2017-04-10
6.8
None Remote Medium Not required Partial Partial Partial
The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 1.2.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
10716 CVE-2017-6429 119 Overflow 2017-03-15 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
10717 CVE-2017-6424 2018-04-04 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm WiFi driver. Product: Android. Versions: Android kernel. Android ID: A-32086742. References: QC-CR#1102648.
10718 CVE-2017-6423 2018-04-04 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370. References: QC-CR#1103158.
10719 CVE-2017-6419 119 DoS Overflow 2017-08-07 2018-10-21
6.8
None Remote Medium Not required Partial Partial Partial
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
10720 CVE-2017-6412 384 2017-03-30 2017-04-15
6.8
None Remote Medium Not required Partial Partial Partial
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
10721 CVE-2017-6411 352 CSRF 2017-03-06 2017-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
10722 CVE-2017-6381 829 Exec Code 2017-03-16 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerable to this if you are running a version of Drupal before 8.2.2. To be sure you aren't vulnerable, you can remove the <siteroot>/vendor/phpunit directory from your production deployments
10723 CVE-2017-6369 862 Exec Code 2017-03-24 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
10724 CVE-2017-6366 352 Exec Code CSRF 2017-03-15 2017-03-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
10725 CVE-2017-6346 362 DoS 2017-03-01 2017-11-04
6.9
None Local Medium Not required Complete Complete Complete
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
10726 CVE-2017-6328 352 CSRF 2017-08-11 2017-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.
10727 CVE-2017-6327 20 Exec Code +Priv 2017-08-11 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
10728 CVE-2017-6325 94 Exec Code File Inclusion 2017-06-26 2017-07-07
6.0
None Remote Medium ??? Partial Partial Partial
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.
10729 CVE-2017-6319 119 DoS Overflow 2017-03-02 2017-03-04
6.8
None Remote Medium Not required Partial Partial Partial
The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.
10730 CVE-2017-6310 125 2017-02-24 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker.
10731 CVE-2017-6309 125 2017-02-24 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
10732 CVE-2017-6308 190 Overflow 2017-02-24 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
10733 CVE-2017-6307 787 2017-02-24 2019-03-13
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
10734 CVE-2017-6306 22 Dir. Trav. 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
10735 CVE-2017-6305 125 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "8 of 9. Out of Bounds read and write."
10736 CVE-2017-6304 125 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."
10737 CVE-2017-6303 190 Overflow 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
10738 CVE-2017-6302 190 Overflow 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
10739 CVE-2017-6301 125 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "4 of 9. Out of Bounds Reads."
10740 CVE-2017-6300 119 Overflow 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "3 of 9. Buffer Overflow in version field in lib/tnef-types.h."
10741 CVE-2017-6298 476 2017-02-24 2019-05-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "1 of 9. Null Pointer Deref / calloc return value not checked."
10742 CVE-2017-6262 416 Exec Code 2017-12-06 2017-12-21
6.9
None Local Medium Not required Complete Complete Complete
NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262.
10743 CVE-2017-6227 DoS 2018-02-08 2019-10-03
6.1
None Local Network Low Not required None None Complete
A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system.
10744 CVE-2017-6198 400 DoS 2018-02-06 2018-03-13
6.8
None Remote Low ??? None None Complete
The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.
10745 CVE-2017-6196 416 DoS 2017-02-24 2017-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document.
10746 CVE-2017-6194 119 DoS Overflow 2017-04-03 2017-04-10
6.8
None Remote Medium Not required Partial Partial Partial
The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
10747 CVE-2017-6193 119 DoS Exec Code Overflow 2018-02-20 2020-04-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.
10748 CVE-2017-6191 119 Exec Code Overflow 2017-03-23 2017-03-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.
10749 CVE-2017-6184 77 2017-03-30 2017-04-04
6.5
None Remote Low ??? Partial Partial Partial
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303.
10750 CVE-2017-6183 77 2017-03-30 2017-04-04
6.5
None Remote Low ??? Partial Partial Partial
In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's configuration utilities for adding (and detecting) Active Directory servers was vulnerable to remote command injection, aka NSWA-1314.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.