CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3101 CVE-2017-1000045 352 Bypass CSRF 2017-07-17 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking
3102 CVE-2017-1000031 89 Exec Code Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
3103 CVE-2017-1000017 918 2017-07-17 2018-07-27
6.5
None Remote Low Single system Partial Partial Partial
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
3104 CVE-2017-1000010 264 Exec Code 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution
3105 CVE-2017-1000008 352 CSRF 2017-07-17 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
3106 CVE-2017-18376 264 2019-06-02 2019-06-03
6.5
None Remote Low Single system Partial Partial Partial
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
3107 CVE-2017-18375 502 2019-05-24 2019-05-29
6.5
None Remote Low Single system Partial Partial Partial
Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.
3108 CVE-2017-18366 352 CSRF 2019-04-15 2019-04-15
6.8
None Remote Medium Not required Partial Partial Partial
Subrion CMS 4.1.5 has CSRF in blog/delete/.
3109 CVE-2017-18348 264 +Priv 2018-10-19 2018-12-04
6.9
None Local Medium Not required Complete Complete Complete
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access.
3110 CVE-2017-18309 129 2018-10-26 2018-12-11
6.6
None Local Low Not required Complete Complete None
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850.
3111 CVE-2017-18305 284 2018-10-23 2018-12-07
6.9
None Local Medium Not required Complete Complete Complete
XBL sec mem dump system call allows complete control of EL3 by unlocking all XPUs if enable fuse is not blown in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835.
3112 CVE-2017-18283 20 Mem. Corr. 2018-10-23 2018-12-06
6.1
None Local Network Low Not required None None Complete
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.
3113 CVE-2017-18266 74 2018-05-10 2018-06-14
6.8
None Remote Medium Not required Partial Partial Partial
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
3114 CVE-2017-18260 89 Sql 2018-04-10 2018-05-16
6.5
None Remote Low Single system Partial Partial Partial
Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities in versions through 7.0.0 via comm/propal/list.php (viewstatut parameter) or comm/propal/list.php (propal_statut parameter, aka search_statut parameter).
3115 CVE-2017-18234 416 DoS 2018-03-15 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp.
3116 CVE-2017-18223 287 2018-03-10 2018-04-09
6.8
None Remote Medium Not required Partial Partial Partial
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
3117 CVE-2017-18220 416 DoS 2018-03-05 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403.
3118 CVE-2017-18213 264 2018-03-03 2018-03-27
6.5
None Remote Low Single system Partial Partial Partial
In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate their privileges.
3119 CVE-2017-18209 476 2018-03-01 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory.
3120 CVE-2017-18205 476 2018-02-27 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
3121 CVE-2017-18202 416 DoS 2018-02-27 2018-09-26
6.9
None Local Medium Not required Complete Complete Complete
The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window.
3122 CVE-2017-18198 125 DoS 2018-02-24 2018-10-31
6.8
None Remote Medium Not required Partial Partial Partial
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
3123 CVE-2017-18179 287 2018-02-12 2018-03-05
6.5
None Remote Low Single system Partial Partial Partial
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1.
3124 CVE-2017-18122 347 Bypass 2018-02-02 2019-05-13
6.8
None Remote Medium Not required Partial Partial Partial
A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid. Attributes contained in all the assertions received will be merged and the entityID of the first assertion received will be used, allowing an attacker to impersonate any user of any IdP given an assertion signed by the targeted IdP.
3125 CVE-2017-18120 415 2018-02-02 2018-02-14
6.8
None Remote Medium Not required Partial Partial Partial
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
3126 CVE-2017-18108 94 Exec Code 2019-03-29 2019-04-01
6.5
None Remote Low Single system Partial Partial Partial
The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights to execute arbitrary code via a JNDI injection.
3127 CVE-2017-18106 287 2019-03-29 2019-04-01
6.0
None Remote Medium Single system Partial Partial Partial
The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for another user or a user in a different directory, this allows remote attackers who can authenticate to Crowd or an application using Crowd for authentication to gain access to another user's session provided they can make their identifier hash collide with another user's session identifier hash.
3128 CVE-2017-18105 384 2019-03-29 2019-04-01
6.8
None Remote Medium Not required Partial Partial Partial
The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who have previously obtained a user's JSESSIONID cookie, to gain access to some of the built-in and potentially third party rest resources via a session fixation vulnerability.
3129 CVE-2017-18101 275 2018-04-10 2018-05-17
6.4
None Remote Low Not required Partial Partial None
Various administrative external system import resources in Atlassian JIRA Server (including JIRA Core) before version 7.6.5, from version 7.7.0 before version 7.7.3, from version 7.8.0 before version 7.8.3 and before version 7.9.0 allow remote attackers to run import operations and to determine if an internal service exists through missing permission checks.
3130 CVE-2017-18087 264 Exec Code 2018-02-15 2018-10-12
6.0
None Remote Medium Single system Partial Partial Partial
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
3131 CVE-2017-18080 352 CSRF 2018-02-02 2018-02-13
6.8
None Remote Medium Not required Partial Partial Partial
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability.
3132 CVE-2017-18048 434 Exec Code 2018-01-23 2018-02-08
6.5
None Remote Low Single system Partial Partial Partial
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
3133 CVE-2017-18042 352 CSRF 2018-02-02 2019-04-29
6.8
None Remote Medium Not required Partial Partial Partial
The update user administration resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify user data including passwords via a Cross-site request forgery (CSRF) vulnerability.
3134 CVE-2017-18026 77 Exec Code 2018-01-10 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involving a branch whose name begins with a --config= or --debugger= substring, a related issue to CVE-2017-17536.
3135 CVE-2017-17990 352 CSRF 2017-12-29 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.
3136 CVE-2017-17987 434 2017-12-29 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload via admin/mydetails_edit.php.
3137 CVE-2017-17983 89 Sql 2017-12-29 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
3138 CVE-2017-17982 352 CSRF 2017-12-29 2018-01-09
6.0
None Remote Medium Single system Partial Partial Partial
PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.
3139 CVE-2017-17973 416 2017-12-29 2018-02-11
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.
3140 CVE-2017-17969 787 DoS Exec Code Overflow 2018-01-30 2018-05-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
3141 CVE-2017-17960 352 CSRF 2017-12-28 2018-04-12
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php.
3142 CVE-2017-17950 89 Sql 2017-12-28 2018-04-13
6.5
None Remote Low Single system Partial Partial Partial
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
3143 CVE-2017-17942 119 Overflow 2017-12-28 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.
3144 CVE-2017-17941 89 Sql 2017-12-28 2018-01-09
6.5
None Remote Low Single system Partial Partial Partial
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.
3145 CVE-2017-17939 352 CSRF 2017-12-28 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.
3146 CVE-2017-17936 352 CSRF 2017-12-28 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
Vanguard Marketplace Digital Products PHP has CSRF via /search.
3147 CVE-2017-17930 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.
3148 CVE-2017-17920 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3149 CVE-2017-17919 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3150 CVE-2017-17917 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.