CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2851 CVE-2017-17068 200 +Info 2017-12-06 2017-12-20
5.0
None Remote Low Not required Partial None None
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
2852 CVE-2017-17066 200 +Info 2017-12-05 2017-12-21
5.0
None Remote Low Not required Partial None None
The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the I2P routing protocol do not properly handle Garlic DeliveryTypeTunnel packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading sensitive router memory, aka the GarlicRust bug.
2853 CVE-2017-17058 22 Dir. Trav. 2017-11-29 2017-12-27
5.0
None Remote Low Not required Partial None None
** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code.
2854 CVE-2017-17042 22 Dir. Trav. 2017-11-28 2017-12-20
5.0
None Remote Low Not required Partial None None
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
2855 CVE-2017-16953 287 2017-12-01 2017-12-27
5.0
None Remote Low Not required None Partial None
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
2856 CVE-2017-16944 400 DoS 2017-11-25 2017-12-07
5.0
None Remote Low Not required None None Partial
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
2857 CVE-2017-16935 264 Bypass 2017-11-24 2017-12-12
5.0
None Remote Low Not required Partial None None
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.
2858 CVE-2017-16932 400 2017-11-23 2018-08-15
5.0
None Remote Low Not required None None Partial
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
2859 CVE-2017-16924 200 Bypass +Info 2018-02-18 2018-03-16
5.0
None Remote Low Not required Partial None None
Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157.
2860 CVE-2017-16922 22 Dir. Trav. 2018-03-05 2018-03-27
5.0
None Remote Low Not required Partial None None
In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request.
2861 CVE-2017-16899 129 2017-11-20 2017-12-11
5.8
None Remote Medium Not required Partial None Partial
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
2862 CVE-2017-16894 200 +Info 2017-11-19 2018-03-08
5.0
None Remote Low Not required Partial None None
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
2863 CVE-2017-16892 119 Overflow 2017-11-19 2017-12-04
5.0
None Remote Low Not required None None Partial
In Bftpd before 4.7, there is a memory leak in the file rename function.
2864 CVE-2017-16887 275 2018-01-12 2018-02-02
5.0
None Remote Low Not required Partial None None
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.
2865 CVE-2017-16885 275 +Info 2018-01-12 2018-02-02
5.0
None Remote Low Not required Partial None None
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.
2866 CVE-2017-16877 22 Dir. Trav. +Info 2017-11-17 2017-12-04
5.0
None Remote Low Not required Partial None None
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
2867 CVE-2017-16875 320 Overflow 2017-11-17 2018-04-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
2868 CVE-2017-16835 200 +Info 2018-02-20 2018-03-19
5.0
None Remote Low Not required Partial None None
The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
2869 CVE-2017-16806 22 Dir. Trav. 2017-11-13 2017-11-29
5.0
None Remote Low Not required Partial None None
The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ulterius before 1.9.5.0 allows HTTP server directory traversal.
2870 CVE-2017-16803 119 DoS Overflow 2017-11-13 2018-11-27
5.0
None Remote Low Not required None None Partial
In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream.
2871 CVE-2017-16769 200 +Info 2018-02-23 2018-03-19
5.0
None Remote Low Not required Partial None None
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode.
2872 CVE-2017-16762 22 Dir. Trav. 2017-11-10 2017-11-30
5.0
None Remote Low Not required Partial None None
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.
2873 CVE-2017-16761 601 2017-11-10 2017-11-27
5.8
None Remote Medium Not required Partial Partial None
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
2874 CVE-2017-16754 284 2017-11-09 2017-11-30
5.0
None Remote Low Not required Partial None None
Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
2875 CVE-2017-16753 20 2018-01-05 2018-01-11
5.0
None Remote Low Not required None None Partial
An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.
2876 CVE-2017-16741 200 +Info 2018-01-12 2018-05-16
5.0
None Remote Low Not required Partial None None
An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.
2877 CVE-2017-16736 434 2018-01-11 2018-01-31
5.0
None Remote Low Not required None Partial None
An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.
2878 CVE-2017-16735 89 Sql 2017-12-20 2018-01-04
5.0
None Remote Low Not required None None Partial
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.
2879 CVE-2017-16733 89 Sql 2017-12-20 2018-01-04
5.0
None Remote Low Not required Partial None None
A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database.
2880 CVE-2017-16728 476 2018-01-05 2018-01-11
5.0
None Remote Low Not required None None Partial
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.
2881 CVE-2017-16719 74 2017-11-16 2017-12-04
5.0
None Remote Low Not required None None Partial
An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to inject packets that could potentially disrupt the availability of the device.
2882 CVE-2017-16715 200 +Info 2017-11-16 2017-12-04
5.0
None Remote Low Not required Partial None None
An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.
2883 CVE-2017-16714 255 2018-09-06 2018-11-13
5.0
None Remote Low Not required Partial None None
In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication.
2884 CVE-2017-16691 20 2017-12-12 2018-01-04
5.8
None Remote Medium Not required None Partial Partial
SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31,7.40, from 7.50 to 7.52) supports upload of digitally signed note file of type 'SAR'. The digital signature verification is done together with the extraction of note file contained in the SAR archive. It is possible to append a tampered file to the SAR archive using SAPCAR tool and during the extraction, digital signature verification fails but the tampered file is extracted.
2885 CVE-2017-16687 200 +Info 2017-12-12 2018-01-02
5.0
None Remote Low Not required Partial None None
The user self-service tools of SAP HANA extended application services, classic user self-service, a part of SAP HANA Database versions 1.00 and 2.00, can be misused to enumerate valid and invalid user accounts. An unauthenticated user could use the error messages to determine if a given username is valid.
2886 CVE-2017-16680 74 2017-12-12 2018-01-04
5.0
None Remote Low Not required None Partial None
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1) Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files could be hindered or misdirected. 2) User Account and Authentication writes audit logs into syslog and additionally writes the same audit entries into a log file. Entries in the log file miss escaping. Hence the interpretation of audit log files could be hindered or misdirected, while the entries in syslog are correct.
2887 CVE-2017-16679 601 2017-12-12 2018-01-04
5.8
None Remote Medium Not required Partial Partial None
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
2888 CVE-2017-16654 22 Dir. Trav. 2018-08-06 2018-10-17
5.0
None Remote Low Not required Partial None None
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal.
2889 CVE-2017-16652 601 2018-06-13 2018-08-08
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks.
2890 CVE-2017-16642 125 +Info 2017-11-07 2018-11-24
5.0
None Remote Low Not required Partial None None
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.
2891 CVE-2017-16612 190 Overflow 2017-12-01 2018-04-10
5.0
None Remote Low Not required None None Partial
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
2892 CVE-2017-16609 200 +Info 2018-01-22 2018-02-09
5.0
None Remote Low Not required Partial None None
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750.
2893 CVE-2017-16607 200 +Info 2018-01-22 2018-02-09
5.0
None Remote Low Not required Partial None None
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within heapdumps.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download heap memory dump. An attacker can leverage this in conjunction with other vulnerabilities to disclose sensitive information in the context of the current process. Was ZDI-CAN-4718.
2894 CVE-2017-16540 200 +Info 2017-11-04 2017-11-30
5.0
None Remote Low Not required Partial None None
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.
2895 CVE-2017-16520 264 2017-11-10 2017-11-30
5.0
None Remote Low Not required None Partial None
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
2896 CVE-2017-16516 134 DoS 2017-11-03 2018-02-03
5.0
None Remote Low Not required None None Partial
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
2897 CVE-2017-16366 254 Bypass 2017-12-09 2017-12-14
5.0
None Remote Low Not required None Partial None
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a security bypass vulnerability in the AcroPDF plugin.
2898 CVE-2017-16349 611 DoS 2018-08-02 2018-10-05
5.5
None Remote Low Single system Partial None Partial
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
2899 CVE-2017-16252 119 Overflow 2018-08-06 2018-10-16
5.5
None Remote Low Single system None Partial Partial
Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow.
2900 CVE-2017-16250 200 +Info 2018-03-13 2018-09-07
5.0
None Remote Low Not required Partial None None
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated user names.
Total number of vulnerabilities : 21278   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 (This Page)59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.