CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3501 CVE-2017-9444 352 CSRF 2017-06-05 2017-06-12
6.8
None Remote Medium Not required Partial Partial Partial
BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI.
3502 CVE-2017-9443 89 Sql 2017-06-05 2017-06-09
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files."
3503 CVE-2017-9442 94 Exec Code 2017-06-05 2017-06-09
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files."
3504 CVE-2017-9437 89 Sql 2017-06-05 2017-06-13
6.5
None Remote Low Single system Partial Partial Partial
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
3505 CVE-2017-9429 89 Exec Code Sql 2017-06-13 2017-08-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
3506 CVE-2017-9427 89 Exec Code Sql 2017-06-04 2017-06-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true.
3507 CVE-2017-9421 287 Bypass 2018-05-24 2018-06-27
6.4
None Remote Low Not required Partial Partial None
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
3508 CVE-2017-9418 89 Exec Code Sql 2017-06-12 2017-08-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
3509 CVE-2017-9414 352 XSS CSRF 2018-02-05 2018-02-23
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
3510 CVE-2017-9413 352 CSRF 2017-07-25 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
3511 CVE-2017-9380 434 Exec Code 2017-06-02 2017-06-08
6.5
None Remote Low Single system Partial Partial Partial
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
3512 CVE-2017-9379 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
3513 CVE-2017-9370 287 +Priv 2017-08-09 2017-08-24
6.5
None Remote Low Single system Partial Partial Partial
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.
3514 CVE-2017-9367 22 Dir. Trav. 2017-10-16 2017-11-08
6.8
None Remote Medium Not required Partial Partial Partial
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
3515 CVE-2017-9365 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
3516 CVE-2017-9333 284 Exec Code 2017-09-17 2017-09-21
6.8
None Remote Medium Not required Partial Partial Partial
OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG function in the IpkgController class in plugin/controllers/ipkg.py, when the URL refers to an attacker-controlled web site with a Trojan horse package. This has security implications in cases where untrusted users can trigger CallOPKG calls, and these users can enter an arbitrary URL in an input field, even though that input field was only intended for a package name. This threat model may be relevant in the latest versions of third-party products that bundle OpenWebif, i.e., set-top box products. The issue of Trojan horse packages does NOT have security implications in cases where the attacker has full OpenWebif access.
3517 CVE-2017-9324 264 +Priv 2017-06-12 2017-11-03
6.5
None Remote Low Single system Partial Partial Partial
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.
3518 CVE-2017-9314 287 2017-11-13 2017-11-29
6.5
None Remote Low Single system Partial Partial Partial
Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message.
3519 CVE-2017-9301 125 DoS 2017-05-29 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
3520 CVE-2017-9300 119 DoS Overflow 2017-05-29 2017-11-22
6.8
None Remote Medium Not required Partial Partial Partial
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
3521 CVE-2017-9146 119 DoS Overflow 2017-05-22 2018-06-01
6.8
None Remote Medium Not required Partial Partial Partial
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
3522 CVE-2017-9115 189 Exec Code 2017-05-21 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
3523 CVE-2017-9111 189 Exec Code 2017-05-21 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
3524 CVE-2017-9097 22 Dir. Trav. 2017-06-15 2017-07-05
6.4
None Remote Low Not required Partial Partial None
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices through 3.30.5, EC150 devices through 1.40.0, WS200 devices through 3.30.4, EC250 devices through 1.40.0, and other products, an LFI vulnerability allows a remote attacker to read or modify files through a path traversal technique, as demonstrated by reading the password file, or using the template parameter to cgi-bin/write.cgi to write to an arbitrary file.
3525 CVE-2017-9096 611 2017-11-08 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
3526 CVE-2017-9069 434 Exec Code 2017-05-18 2017-05-30
6.5
None Remote Low Single system Partial Partial Partial
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
3527 CVE-2017-9064 352 CSRF 2017-05-18 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
3528 CVE-2017-9043 20 DoS 2017-05-17 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
3529 CVE-2017-9042 704 DoS 2017-05-17 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
3530 CVE-2017-9033 352 CSRF 2017-05-25 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.
3531 CVE-2017-9025 119 Overflow 2017-05-17 2017-05-24
6.4
None Remote Low Not required None Partial Partial
Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.
3532 CVE-2017-8989 601 2018-08-06 2018-10-17
6.4
None Remote Low Not required Partial Partial None
A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.
3533 CVE-2017-8979 264 DoS Exec Code Bypass 2018-02-15 2018-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) firmware could be exploited remotely to allow authentication bypass, code execution, and denial of service.
3534 CVE-2017-8959 264 Bypass 2018-02-15 2018-03-15
6.5
None Remote Low Single system Partial Partial Partial
An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 2040 SAN Storage in version GL220P008 and earlier and was found.
3535 CVE-2017-8930 352 CSRF 2017-05-14 2017-05-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.
3536 CVE-2017-8928 352 CSRF 2017-05-14 2017-08-12
6.8
None Remote Medium Not required Partial Partial Partial
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
3537 CVE-2017-8927 119 DoS Overflow 2017-05-15 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
3538 CVE-2017-8926 119 DoS Overflow 2017-05-15 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
3539 CVE-2017-8913 611 2017-05-23 2018-12-10
6.5
None Remote Low Single system Partial Partial Partial
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
3540 CVE-2017-8912 94 Exec Code 2017-05-12 2017-08-15
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."
3541 CVE-2017-8907 264 Exec Code 2017-06-14 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correctly check if a user creating a deployment project had the edit permission and therefore the rights to do so. An attacker who can login to Bamboo as a user without the edit permission for deployment projects is able to use this vulnerability, provided there is an existing plan with a green build, to create a deployment project and execute arbitrary code on an available Bamboo Agent. By default a local agent is enabled; this means that code execution can occur on the system hosting Bamboo as the user running Bamboo.
3542 CVE-2017-8905 264 Exec Code 2017-05-11 2017-07-10
6.8
None Local Low Single system Complete Complete Complete
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
3543 CVE-2017-8904 264 Exec Code 2017-05-11 2017-07-10
6.8
None Local Low Single system Complete Complete Complete
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
3544 CVE-2017-8899 264 XSS 2017-05-11 2017-05-16
6.8
None Remote Medium Not required Partial Partial Partial
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
3545 CVE-2017-8894 444 Exec Code 2017-07-02 2017-07-07
6.8
None Remote Medium Not required Partial Partial Partial
AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.
3546 CVE-2017-8874 352 CSRF 2017-05-10 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
3547 CVE-2017-8872 125 DoS 2017-05-10 2017-05-15
6.4
None Remote Low Not required Partial None Partial
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
3548 CVE-2017-8870 119 Exec Code Overflow 2017-07-27 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute arbitrary code via a crafted .m3u file.
3549 CVE-2017-8869 119 Exec Code Overflow 2017-07-27 2017-08-02
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
3550 CVE-2017-8854 119 Overflow 2017-05-09 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.