CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1002026 89 Sql 2017-09-14 2017-09-20
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement.
2 CVE-2017-1002025 89 Sql 2017-09-14 2017-09-21
6.5
None Remote Low Single system Partial Partial Partial
Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement.
3 CVE-2017-1000376 119 Exec Code Overflow 2017-06-19 2017-11-03
6.9
None Local Medium Not required Complete Complete Complete
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
4 CVE-2017-1000373 400 Exec Code 2017-06-19 2017-10-23
6.4
None Remote Low Not required None Partial Partial
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
5 CVE-2017-1000367 20 Exec Code 2017-06-05 2017-08-12
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
6 CVE-2017-1000364 119 Overflow Bypass 2017-06-19 2017-11-03
6.2
None Local High Not required Complete Complete Complete
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
7 CVE-2017-1000244 352 CSRF 2017-11-01 2017-11-18
6.8
None Remote Medium Not required Partial Partial Partial
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification
8 CVE-2017-1000150 384 2017-11-03 2017-11-13
6.5
None Remote Low Single system Partial Partial Partial
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
9 CVE-2017-1000148 94 Exec Code 2017-11-03 2017-11-13
6.5
None Remote Low Single system Partial Partial Partial
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
10 CVE-2017-1000147 352 CSRF 2017-11-03 2017-11-15
6.0
None Remote Medium Single system Partial Partial Partial
Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into their Mahara account.
11 CVE-2017-1000139 918 2017-11-03 2017-11-15
6.0
None Remote Medium Single system Partial Partial Partial
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues.
12 CVE-2017-1000134 264 2017-11-03 2017-11-15
6.5
None Remote Low Single system Partial Partial Partial
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable because group members can lose access to the group files they uploaded if another group member changes the access permissions on them.
13 CVE-2017-1000120 89 Exec Code Sql 2017-10-04 2017-10-13
6.5
None Remote Low Single system Partial Partial Partial
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
14 CVE-2017-1000119 434 Exec Code 2017-10-04 2017-10-25
6.5
None Remote Low Single system Partial Partial Partial
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
15 CVE-2017-1000117 284 2017-10-04 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
16 CVE-2017-1000112 362 Mem. Corr. 2017-10-04 2017-11-05
6.9
None Local Medium Not required Complete Complete Complete
Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005.
17 CVE-2017-1000107 284 Bypass 2017-10-04 2017-11-01
6.5
None Remote Low Single system Partial Partial Partial
Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection.
18 CVE-2017-1000096 284 Exec Code 2017-10-04 2017-10-17
6.5
None Remote Low Single system Partial Partial Partial
Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles.
19 CVE-2017-1000093 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Poll SCM Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to initiate polling of projects with a known name. While Jenkins in general does not consider polling to be a protection-worthy action as it's similar to cache invalidation, the plugin specifically adds a permission to be able to use this functionality, and this issue undermines that permission.
20 CVE-2017-1000091 352 CSRF 2017-10-04 2017-10-17
6.8
None Remote Medium Not required Partial Partial Partial
GitHub Branch Source Plugin connects to a user-specified GitHub API URL (e.g. GitHub Enterprise) as part of form validation and completion (e.g. to verify Scan Credentials are correct). This functionality improperly checked permissions, allowing any user with Overall/Read access to Jenkins to connect to any web server and send credentials with a known ID, thereby possibly capturing them. Additionally, this functionality did not require POST requests be used, thereby allowing the above to be performed without direct access to Jenkins via Cross-Site Request Forgery.
21 CVE-2017-1000090 352 CSRF 2017-10-04 2017-11-02
6.8
None Remote Medium Not required Partial Partial Partial
Role-based Authorization Strategy Plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks. This allowed attackers to add administrator role to any user, or to remove the authorization configuration, preventing legitimate access to Jenkins.
22 CVE-2017-1000086 352 CSRF 2017-10-04 2017-11-02
6.0
None Remote Medium Single system Partial Partial Partial
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.
23 CVE-2017-1000083 77 Exec Code 2017-09-05 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
24 CVE-2017-1000071 264 Bypass 2017-07-17 2017-08-04
6.8
None Remote Medium Not required Partial Partial Partial
Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.
25 CVE-2017-1000069 352 CSRF 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
CSRF in Bitly oauth2_proxy 2.1 during authentication flow
26 CVE-2017-1000067 89 Sql 2017-07-17 2017-07-21
6.5
None Remote Low Single system Partial Partial Partial
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges.
27 CVE-2017-1000053 502 Exec Code 2017-07-17 2017-08-03
6.8
None Remote Medium Not required Partial Partial Partial
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
28 CVE-2017-1000045 352 Bypass CSRF 2017-07-17 2017-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Mautic SSO/OAuth2 plugins are vulnerable to CSRF of the state parameter resulting in authentication bypass through clickjacking
29 CVE-2017-1000031 89 Exec Code Sql 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
30 CVE-2017-1000017 918 2017-07-17 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server
31 CVE-2017-1000010 264 Exec Code 2017-07-17 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
Audacity version 2.1.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution
32 CVE-2017-1000008 352 CSRF 2017-07-17 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
33 CVE-2017-16547 20 DoS 2017-11-06 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
34 CVE-2017-16546 119 DoS Overflow 2017-11-05 2017-11-18
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
35 CVE-2017-16545 476 DoS 2017-11-05 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
36 CVE-2017-16358 125 2017-11-01 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search.
37 CVE-2017-16357 119 Overflow Mem. Corr. 2017-11-01 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory.
38 CVE-2017-16352 119 Overflow 2017-11-01 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
39 CVE-2017-16244 352 Bypass CSRF 2017-10-31 2017-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.
40 CVE-2017-16000 89 Exec Code Sql 2017-10-29 2017-11-16
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php.
41 CVE-2017-15996 119 DoS Overflow 2017-10-29 2017-11-13
6.8
None Remote Medium Not required Partial Partial Partial
elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to cause a denial of service (excessive memory allocation) or possibly have unspecified other impact via a crafted ELF file that triggers a "buffer overflow on fuzzed archive header," related to an uninitialized variable, an improper conditional jump, and the get_archive_member_name, process_archive_index_and_symbols, and setup_archive functions.
42 CVE-2017-15957 434 2017-10-29 2017-11-17
6.5
None Remote Low Single system Partial Partial Partial
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
43 CVE-2017-15949 89 Sql 2017-10-27 2017-11-14
6.5
None Remote Low Single system Partial Partial Partial
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
44 CVE-2017-15933 89 Exec Code Sql 2017-10-27 2017-11-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php.
45 CVE-2017-15932 125 2017-10-27 2017-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems.
46 CVE-2017-15931 125 2017-10-27 2017-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
47 CVE-2017-15930 476 2017-10-27 2017-11-01
6.8
None Remote Medium Not required Partial Partial Partial
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
48 CVE-2017-15880 89 Exec Code Sql 2017-10-24 2017-11-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the group_name parameter to module/admin_group/add_modify_group.php (for insert_group and update_group).
49 CVE-2017-15879 20 2017-10-24 2017-11-14
6.8
None Remote Medium Not required Partial Partial Partial
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
50 CVE-2017-15808 352 CSRF 2017-10-23 2017-10-25
6.8
None Remote Medium Not required Partial Partial Partial
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.