CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1701 CVE-2017-17757 77 Exec Code 2017-12-19 2018-01-05
9.0
None Remote Low Single system Complete Complete Complete
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua in uhttpd.
1702 CVE-2017-17717 327 2017-12-17 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
1703 CVE-2017-17560 287 Exec Code 2017-12-12 2019-05-28
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
1704 CVE-2017-17544 264 2019-04-09 2019-05-06
9.0
None Remote Low Single system Complete Complete Complete
A privilege escalation vulnerability in Fortinet FortiOS all versions below 6.2.0 allows admin users to elevate their profile to super_admin via restoring modified configurations.
1705 CVE-2017-17540 798 2018-05-08 2018-06-12
10.0
None Remote Low Not required Complete Complete Complete
The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows attackers to gain unauthorized read/write access via a remote shell.
1706 CVE-2017-17539 798 2018-05-08 2018-06-12
10.0
None Remote Low Not required Complete Complete Complete
The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and earlier allows attackers to gain unauthorized read/write access via a remote shell.
1707 CVE-2017-17459 77 Exec Code 2017-12-07 2019-07-12
9.3
None Remote Medium Not required Complete Complete Complete
http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.
1708 CVE-2017-17458 78 2017-12-07 2018-07-28
10.0
None Remote Low Not required Complete Complete Complete
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories, but they can be created programmatically.
1709 CVE-2017-17411 78 Exec Code 2017-12-21 2018-08-28
10.0
Admin Remote Low Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
1710 CVE-2017-17410 787 Exec Code 2017-12-21 2018-01-10
9.3
None Remote Medium Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x102 in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5116.
1711 CVE-2017-17409 190 Exec Code Overflow 2017-12-21 2018-01-10
9.3
None Remote Medium Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.
1712 CVE-2017-17408 190 Exec Code Overflow 2017-12-21 2018-01-10
9.3
None Remote Medium Not required Complete Complete Complete
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.
1713 CVE-2017-17405 78 Exec Code 2017-12-15 2018-10-31
9.3
None Remote Medium Not required Complete Complete Complete
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
1714 CVE-2017-17384 264 2017-12-07 2017-12-22
9.0
None Remote Low Single system Complete Complete Complete
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job.
1715 CVE-2017-17320 415 Exec Code 2018-03-20 2018-04-13
9.3
None Remote Medium Not required Complete Complete Complete
Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution.
1716 CVE-2017-17227 125 Exec Code 2018-03-09 2018-03-26
9.3
None Remote Medium Not required Complete Complete Complete
GPU driver in Huawei Mate 10 smart phones with the versions before ALP-L09 8.0.0.120(C212); The versions before ALP-L09 8.0.0.127(C900); The versions before ALP-L09 8.0.0.128(402/C02/C109/C346/C432/C652) has a out-of-bounds memory access vulnerability due to the input parameters validation. An attacker tricks a user into installing a malicious application on the smart phone, and the application can call the driver with special parameter and cause accessing out-of-bounds memory. Successful exploit may result in phone crash or arbitrary code execution.
1717 CVE-2017-17173 20 Exec Code 2018-06-14 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on the smart phone, and send given parameter to driver to release special kernel memory resource. Successful exploit may result in phone crash or arbitrary code execution.
1718 CVE-2017-17107 798 2017-12-18 2018-01-12
10.0
None Remote Low Not required Complete Complete Complete
Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.
1719 CVE-2017-17106 255 2017-12-18 2018-01-12
10.0
None Remote Low Not required Complete Complete Complete
Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.
1720 CVE-2017-17105 77 2017-12-18 2019-05-10
10.0
None Remote Low Not required Complete Complete Complete
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.
1721 CVE-2017-17069 426 Exec Code 2017-12-06 2017-12-20
9.3
None Remote Medium Not required Complete Complete Complete
ActiveSetupN.exe in Amazon Audible for Windows before November 2017 allows attackers to execute arbitrary DLL code if ActiveSetupN.exe is launched from a directory where an attacker has already created a Trojan horse dwmapi.dll file.
1722 CVE-2017-17067 284 Bypass 2017-11-29 2017-12-20
10.0
None Remote Low Not required Complete Complete Complete
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks.
1723 CVE-2017-17023 284 2019-04-09 2019-04-11
9.3
None Remote Medium Not required Complete Complete Complete
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.
1724 CVE-2017-16997 426 +Priv 2017-12-17 2019-04-26
9.3
None Remote Medium Not required Complete Complete Complete
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
1725 CVE-2017-16960 77 Exec Code 2017-11-27 2017-12-12
9.0
None Remote Low Single system Complete Complete Complete
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.
1726 CVE-2017-16958 77 Exec Code 2017-11-27 2017-12-14
9.0
None Remote Low Single system Complete Complete Complete
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
1727 CVE-2017-16957 77 Exec Code 2017-11-27 2017-12-14
9.0
None Remote Low Single system Complete Complete Complete
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.
1728 CVE-2017-16934 78 Exec Code 2017-11-24 2017-12-11
10.0
None Remote Low Not required Complete Complete Complete
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.
1729 CVE-2017-16930 119 Exec Code Overflow 2017-12-05 2017-12-21
10.0
None Remote Low Not required Complete Complete Complete
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging.
1730 CVE-2017-16926 77 Exec Code 2017-11-22 2017-12-12
10.0
None Remote Low Not required Complete Complete Complete
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.
1731 CVE-2017-16921 77 Exec Code 2017-12-08 2019-04-30
9.0
None Remote Low Single system Complete Complete Complete
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
1732 CVE-2017-16897 264 2017-12-27 2018-01-17
9.3
Admin Remote Medium Not required Complete Complete Complete
A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sign the full SAML response (e.g., only signs the assertion within the response).
1733 CVE-2017-16844 119 DoS Exec Code Overflow 2017-11-16 2018-02-03
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
1734 CVE-2017-16820 415 2017-11-14 2018-09-04
10.0
None Remote Low Not required Complete Complete Complete
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
1735 CVE-2017-16788 22 +Priv Dir. Trav. 2017-12-15 2018-01-03
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
1736 CVE-2017-16743 285 Bypass 2018-01-12 2018-05-16
10.0
Admin Remote Low Not required Complete Complete Complete
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.
1737 CVE-2017-16725 119 Exec Code Overflow 2017-12-20 2018-01-12
10.0
None Remote Low Not required Complete Complete Complete
A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.
1738 CVE-2017-16720 22 Dir. Trav. 2018-01-05 2018-09-24
10.0
None Remote Low Not required Complete Complete Complete
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device.
1739 CVE-2017-16717 119 Exec Code Overflow 2017-12-20 2018-01-11
9.0
None Remote Low Not required Partial Partial Complete
A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
1740 CVE-2017-16667 78 Exec Code 2017-11-08 2019-04-30
9.3
None Remote Medium Not required Complete Complete Complete
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
1741 CVE-2017-16666 77 Exec Code 2018-01-05 2018-01-18
9.0
None Remote Low Single system Complete Complete Complete
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
1742 CVE-2017-16660 264 Exec Code 2017-11-08 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
1743 CVE-2017-16659 264 +Priv 2017-11-08 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
1744 CVE-2017-16641 78 Exec Code 2017-11-07 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
1745 CVE-2017-16638 264 +Priv 2017-11-06 2017-11-29
10.0
None Remote Low Not required Complete Complete Complete
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
1746 CVE-2017-16566 287 2017-11-17 2017-12-07
10.0
None Remote Low Not required Complete Complete Complete
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.
1747 CVE-2017-16523 255 2017-11-03 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
1748 CVE-2017-16522 264 Exec Code 2017-11-03 2017-11-21
9.0
None Remote Low Single system Complete Complete Complete
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
1749 CVE-2017-16420 125 2017-12-09 2017-12-14
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is in the part of the JavaScript engine that handles annotation abstraction. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
1750 CVE-2017-16418 125 2017-12-09 2017-12-15
9.3
None Remote Medium Not required Complete Complete Complete
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the image conversion module that handles XPS files. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.