CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2451 CVE-2017-17102 89 Sql 2017-12-04 2017-12-14
5.0
None Remote Low Not required Partial None None
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST['link'].
2452 CVE-2017-17097 640 2018-01-02 2018-01-18
5.0
None Remote Low Not required Partial None None
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
2453 CVE-2017-17090 399 2017-12-01 2018-02-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
2454 CVE-2017-17088 119 DoS Overflow 2017-12-19 2018-01-04
5.0
None Remote Low Not required None None Partial
The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service.
2455 CVE-2017-17085 754 2017-12-01 2018-02-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.
2456 CVE-2017-17084 754 2017-12-01 2018-02-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissector could crash. This was addressed in epan/dissectors/packet-iwarp-mpa.c by validating a ULPDU length.
2457 CVE-2017-17083 754 2017-12-01 2018-02-03
5.0
None Remote Low Not required None None Partial
In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginning of a buffer.
2458 CVE-2017-17068 200 +Info 2017-12-06 2017-12-20
5.0
None Remote Low Not required Partial None None
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
2459 CVE-2017-17066 200 +Info 2017-12-05 2017-12-21
5.0
None Remote Low Not required Partial None None
The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.
2460 CVE-2017-17058 22 Dir. Trav. 2017-11-29 2017-12-27
5.0
None Remote Low Not required Partial None None
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code.
2461 CVE-2017-17042 22 Dir. Trav. 2017-11-28 2017-12-20
5.0
None Remote Low Not required Partial None None
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
2462 CVE-2017-16953 287 2017-12-01 2017-12-27
5.0
None Remote Low Not required None Partial None
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
2463 CVE-2017-16944 400 DoS 2017-11-25 2017-12-07
5.0
None Remote Low Not required None None Partial
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
2464 CVE-2017-16935 264 Bypass 2017-11-24 2017-12-12
5.0
None Remote Low Not required Partial None None
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.
2465 CVE-2017-16932 400 2017-11-23 2018-08-15
5.0
None Remote Low Not required None None Partial
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
2466 CVE-2017-16924 200 Bypass +Info 2018-02-18 2018-03-16
5.0
None Remote Low Not required Partial None None
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
2467 CVE-2017-16922 22 Dir. Trav. 2018-03-05 2018-03-27
5.0
None Remote Low Not required Partial None None
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
2468 CVE-2017-16899 129 2017-11-20 2017-12-11
5.8
None Remote Medium Not required Partial None Partial
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
2469 CVE-2017-16894 200 +Info 2017-11-19 2018-03-08
5.0
None Remote Low Not required Partial None None
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
2470 CVE-2017-16892 119 Overflow 2017-11-19 2017-12-04
5.0
None Remote Low Not required None None Partial
In Bftpd before 4.7, there is a memory leak in the file rename function.
2471 CVE-2017-16887 275 2018-01-12 2018-02-02
5.0
None Remote Low Not required Partial None None
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.
2472 CVE-2017-16885 275 +Info 2018-01-12 2018-02-02
5.0
None Remote Low Not required Partial None None
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.
2473 CVE-2017-16877 22 Dir. Trav. +Info 2017-11-17 2017-12-04
5.0
None Remote Low Not required Partial None None
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
2474 CVE-2017-16875 320 Overflow 2017-11-17 2018-04-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
2475 CVE-2017-16835 200 +Info 2018-02-20 2018-03-19
5.0
None Remote Low Not required Partial None None
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
2476 CVE-2017-16806 22 Dir. Trav. 2017-11-13 2017-11-29
5.0
None Remote Low Not required Partial None None
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
2477 CVE-2017-16803 119 DoS Overflow 2017-11-13 2018-11-27
5.0
None Remote Low Not required None None Partial
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
2478 CVE-2017-16769 200 +Info 2018-02-23 2018-03-19
5.0
None Remote Low Not required Partial None None
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.
2479 CVE-2017-16762 22 Dir. Trav. 2017-11-10 2017-11-30
5.0
None Remote Low Not required Partial None None
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
2480 CVE-2017-16761 601 2017-11-10 2017-11-27
5.8
None Remote Medium Not required Partial Partial None
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
2481 CVE-2017-16754 284 2017-11-09 2017-11-30
5.0
None Remote Low Not required Partial None None
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
2482 CVE-2017-16753 20 2018-01-05 2018-01-11
5.0
None Remote Low Not required None None Partial
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
2483 CVE-2017-16741 200 +Info 2018-01-12 2018-05-16
5.0
None Remote Low Not required Partial None None
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
2484 CVE-2017-16736 434 2018-01-11 2018-01-31
5.0
None Remote Low Not required None Partial None
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
2485 CVE-2017-16735 89 Sql 2017-12-20 2018-01-04
5.0
None Remote Low Not required None None Partial
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
2486 CVE-2017-16733 89 Sql 2017-12-20 2018-01-04
5.0
None Remote Low Not required Partial None None
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
2487 CVE-2017-16728 476 2018-01-05 2018-01-11
5.0
None Remote Low Not required None None Partial
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
2488 CVE-2017-16719 74 2017-11-16 2017-12-04
5.0
None Remote Low Not required None None Partial
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.
2489 CVE-2017-16715 200 +Info 2017-11-16 2017-12-04
5.0
None Remote Low Not required Partial None None
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
2490 CVE-2017-16714 255 2018-09-06 2018-11-13
5.0
None Remote Low Not required Partial None None
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
2491 CVE-2017-16691 20 2017-12-12 2018-01-04
5.8
None Remote Medium Not required None Partial Partial
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
2492 CVE-2017-16687 200 +Info 2017-12-12 2018-01-02
5.0
None Remote Low Not required Partial None None
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
2493 CVE-2017-16680 74 2017-12-12 2018-01-04
5.0
None Remote Low Not required None Partial None
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct.
2494 CVE-2017-16679 601 2017-12-12 2018-01-04
5.8
None Remote Medium Not required Partial Partial None
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
2495 CVE-2017-16654 22 Dir. Trav. 2018-08-06 2018-10-17
5.0
None Remote Low Not required Partial None None
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal.
2496 CVE-2017-16652 601 2018-06-13 2018-08-08
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
2497 CVE-2017-16642 125 +Info 2017-11-07 2018-11-24
5.0
None Remote Low Not required Partial None None
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
2498 CVE-2017-16612 190 Overflow 2017-12-01 2018-04-10
5.0
None Remote Low Not required None None Partial
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
2499 CVE-2017-16609 200 +Info 2018-01-22 2018-02-09
5.0
None Remote Low Not required Partial None None
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.
2500 CVE-2017-16607 200 +Info 2018-01-22 2018-02-09
5.0
None Remote Low Not required Partial None None
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 (This Page)51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.