CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3901 CVE-2017-17917 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3902 CVE-2017-17916 89 Exec Code Sql 2017-12-29 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input.
3903 CVE-2017-17915 119 Overflow 2017-12-27 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
3904 CVE-2017-17913 119 Overflow 2017-12-27 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.
3905 CVE-2017-17912 119 Overflow 2017-12-27 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
3906 CVE-2017-17908 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
3907 CVE-2017-17905 352 CSRF 2017-12-27 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
3908 CVE-2017-17903 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.
3909 CVE-2017-17894 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Readymade Job Site Script has CSRF via the /job URI.
3910 CVE-2017-17891 352 CSRF 2017-12-27 2018-01-09
6.8
None Remote Medium Not required Partial Partial Partial
Readymade Video Sharing Script has CSRF via user-profile-edit.php.
3911 CVE-2017-17880 119 Overflow 2017-12-27 2018-01-01
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.
3912 CVE-2017-17879 119 Overflow 2017-12-27 2019-04-16
6.8
None Remote Medium Not required Partial Partial Partial
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
3913 CVE-2017-17874 434 2017-12-27 2018-01-11
6.5
None Remote Low Single system Partial Partial Partial
Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under an uploads/ URI.
3914 CVE-2017-17866 119 DoS Overflow 2017-12-27 2018-11-05
6.8
None Remote Medium Not required Partial Partial Partial
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document.
3915 CVE-2017-17858 119 Exec Code Overflow 2018-01-22 2018-11-27
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted.
3916 CVE-2017-17831 20 Exec Code 2017-12-21 2019-08-01
6.8
None Remote Medium Not required Partial Partial Partial
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
3917 CVE-2017-17830 352 CSRF 2017-12-21 2018-01-03
6.0
None Remote Medium Single system Partial Partial Partial
Bus Booking Script has CSRF via admin/new_master.php.
3918 CVE-2017-17829 89 Sql 2017-12-21 2018-01-03
6.5
None Remote Low Single system Partial Partial Partial
Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter.
3919 CVE-2017-17827 352 CSRF 2017-12-20 2018-01-03
6.8
None Remote Medium Not required Partial Partial Partial
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin user into performing unintended actions.
3920 CVE-2017-17809 426 2017-12-20 2018-01-10
6.8
None Remote Medium Not required Partial Partial Partial
In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice launch daemon has an unprotected XPC service that allows attackers to update the underlying OpenVPN configuration and the arguments passed to the OpenVPN binary when executed. An attacker can abuse this vulnerability by forcing the VyprVPN application to load a malicious dynamic library every time a new connection is made.
3921 CVE-2017-17789 119 Overflow 2017-12-20 2018-05-01
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c.
3922 CVE-2017-17788 125 2017-12-20 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a stack-based buffer over-read in xcf_load_stream in app/xcf/xcf.c when there is no '\0' character after the version string.
3923 CVE-2017-17787 125 2017-12-20 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c.
3924 CVE-2017-17786 125 2017-12-20 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in plug-ins/common/file-tga.c (related to bgr2rgb.part.1) via an unexpected bits-per-pixel value for an RGBA image.
3925 CVE-2017-17785 119 Overflow 2017-12-20 2018-03-15
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c.
3926 CVE-2017-17784 125 2017-12-20 2018-05-01
6.8
None Remote Medium Not required Partial Partial Partial
In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in plug-ins/common/file-gbr.c in the gbr import parser, related to mishandling of UTF-8 data.
3927 CVE-2017-17782 119 Overflow 2017-12-20 2018-10-18
6.8
None Remote Medium Not required Partial Partial Partial
In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation.
3928 CVE-2017-17774 352 CSRF 2017-12-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
admin/configuration.php in Piwigo 2.9.2 has CSRF.
3929 CVE-2017-17751 284 2018-03-24 2018-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Bose SoundTouch devices allow remote attackers to achieve remote control via a crafted web site that uses the WebSocket Protocol.
3930 CVE-2017-17743 287 2018-03-22 2018-04-18
6.5
None Remote Low Single system Partial Partial Partial
Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account.
3931 CVE-2017-17738 264 2017-12-18 2018-01-04
6.4
None Remote Low Not required None Partial Partial
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.
3932 CVE-2017-17727 434 Exec Code 2017-12-18 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
3933 CVE-2017-17715 22 Dir. Trav. 2017-12-16 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
3934 CVE-2017-17712 362 Exec Code +Priv 2017-12-15 2018-04-03
6.9
None Local Medium Not required Complete Complete Complete
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.
3935 CVE-2017-17707 285 2018-07-31 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.
3936 CVE-2017-17695 89 Sql 2017-12-15 2017-12-21
6.5
None Remote Low Single system Partial Partial Partial
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
3937 CVE-2017-17670 416 2017-12-15 2019-04-26
6.8
None Remote Medium Not required Partial Partial Partial
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to an invalid free, because the type of a box may be changed between a read operation and a free operation.
3938 CVE-2017-17665 284 Bypass 2017-12-13 2018-01-12
6.5
None Remote Low Single system Partial Partial Partial
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.
3939 CVE-2017-17615 89 Sql 2017-12-13 2017-12-26
6.5
None Remote Low Single system Partial Partial Partial
Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php id parameter.
3940 CVE-2017-17566 19 DoS +Priv 2017-12-12 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
3941 CVE-2017-17564 388 DoS +Priv 2017-12-12 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
3942 CVE-2017-17563 119 DoS Overflow +Priv 2017-12-12 2018-10-19
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
3943 CVE-2017-17562 20 Exec Code 2017-12-12 2018-04-19
6.8
None Remote Medium Not required Partial Partial Partial
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
3944 CVE-2017-17561 284 Exec Code 2017-12-12 2017-12-27
6.5
None Remote Low Single system Partial Partial Partial
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.
3945 CVE-2017-17557 119 Exec Code Overflow 2018-04-24 2018-06-05
6.8
None Remote Medium Not required Partial Partial Partial
In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw exists within the parsing of the BITMAPINFOHEADER record in BMP files. The issue results from the lack of proper validation of the biSize member, which can result in a heap based buffer overflow. An attacker can leverage this to execute code in the context of the current process.
3946 CVE-2017-17552 352 Bypass CSRF 2018-02-07 2018-03-13
6.8
None Remote Medium Not required Partial Partial Partial
/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 allows attackers to conduct URL Redirection attacks via the src parameter, resulting in a bypass of CSRF protection, or potentially masquerading a malicious URL as trusted.
3947 CVE-2017-17551 20 2017-12-11 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Browser backup file. This arbitrary file write vulnerability allows an attacker to overwrite a specific executable in the Dolphin Browser's data directory with a crafted malicious executable. Every time the Dolphin Browser is launched, it will attempt to run the malicious executable from disk, thus executing the attacker's code.
3948 CVE-2017-17550 352 XSS CSRF 2018-11-10 2018-12-13
6.8
None Remote Medium Not required Partial Partial Partial
ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS.
3949 CVE-2017-17536 77 Exec Code 2017-12-11 2017-12-28
6.8
None Remote Medium Not required Partial Partial Partial
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
3950 CVE-2017-17535 74 2017-12-14 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.