CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000367 20 Exec Code 2017-06-05 2017-06-09
6.9
None Local Medium Not required Complete Complete Complete
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
2 CVE-2017-9603 89 Exec Code Sql 2017-06-13 2017-06-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
3 CVE-2017-9519 352 CSRF 2017-06-08 2017-06-13
6.8
None Remote Medium Not required Partial Partial Partial
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
4 CVE-2017-9518 352 CSRF 2017-06-08 2017-06-13
6.8
None Remote Medium Not required Partial Partial Partial
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
5 CVE-2017-9517 352 CSRF 2017-06-08 2017-06-13
6.8
None Remote Medium Not required Partial Partial Partial
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
6 CVE-2017-9449 89 Exec Code Sql 2017-06-06 2017-06-12
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name.
7 CVE-2017-9444 352 CSRF 2017-06-05 2017-06-12
6.8
None Remote Medium Not required Partial Partial Partial
BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= URI, and the index.php/admin/developer/upgrade/set-ftp-directory/ URI.
8 CVE-2017-9443 89 Sql 2017-06-05 2017-06-09
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files."
9 CVE-2017-9442 94 Exec Code 2017-06-05 2017-06-09
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in core\admin\modules\developer\extensions\install\unpack.php and core\admin\modules\developer\packages\install\unpack.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files."
10 CVE-2017-9437 89 Sql 2017-06-05 2017-06-13
6.5
None Remote Low Single system Partial Partial Partial
Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.
11 CVE-2017-9429 89 Exec Code Sql 2017-06-13 2017-06-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
12 CVE-2017-9427 89 Exec Code Sql 2017-06-04 2017-06-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true.
13 CVE-2017-9418 89 Exec Code Sql 2017-06-12 2017-06-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
14 CVE-2017-9380 434 Exec Code 2017-06-02 2017-06-08
6.5
None Remote Low Single system Partial Partial Partial
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
15 CVE-2017-9379 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.
16 CVE-2017-9365 352 CSRF 2017-06-02 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
17 CVE-2017-9301 125 DoS 2017-05-29 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
18 CVE-2017-9300 119 DoS Overflow 2017-05-29 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
19 CVE-2017-9146 119 DoS Overflow 2017-05-22 2017-06-02
6.8
None Remote Medium Not required Partial Partial Partial
The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through 1.9.2 does not ensure a nonzero count value before a certain memory allocation, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted tnef file.
20 CVE-2017-9115 189 Exec Code 2017-05-21 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
21 CVE-2017-9111 189 Exec Code 2017-05-21 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
22 CVE-2017-9069 434 Exec Code 2017-05-18 2017-05-30
6.5
None Remote Low Single system Partial Partial Partial
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
23 CVE-2017-9064 352 CSRF 2017-05-18 2017-05-23
6.8
None Remote Medium Not required Partial Partial Partial
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
24 CVE-2017-9043 20 DoS 2017-05-17 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
25 CVE-2017-9042 704 DoS 2017-05-17 2017-05-23
6.8
None Remote Medium Not required Partial Partial Partial
readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
26 CVE-2017-9033 352 CSRF 2017-05-25 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows remote attackers to hijack the authentication of users for requests to start an update from an arbitrary source via a crafted request to SProtectLinux/scanoption_set.cgi, related to the lack of anti-CSRF tokens.
27 CVE-2017-9025 119 Overflow 2017-05-17 2017-05-24
6.4
None Remote Low Not required None Partial Partial
Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.
28 CVE-2017-8930 352 CSRF 2017-05-14 2017-05-25
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application, (2) create regular user accounts, or (3) change configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.
29 CVE-2017-8928 352 CSRF 2017-05-14 2017-05-23
6.8
None Remote Medium Not required Partial Partial Partial
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
30 CVE-2017-8927 119 DoS Overflow 2017-05-15 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
31 CVE-2017-8926 119 DoS Overflow 2017-05-15 2017-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
32 CVE-2017-8913 611 2017-05-23 2017-06-01
6.5
None Remote Low Single system Partial Partial Partial
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
33 CVE-2017-8912 94 Exec Code 2017-05-12 2017-05-17
6.5
None Remote Low Single system Partial Partial Partial
** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug."
34 CVE-2017-8905 264 Exec Code 2017-05-11 2017-05-29
6.8
None Local Low Single system Complete Complete Complete
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
35 CVE-2017-8904 264 Exec Code 2017-05-11 2017-05-29
6.8
None Local Low Single system Complete Complete Complete
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
36 CVE-2017-8899 264 XSS 2017-05-11 2017-05-16
6.8
None Remote Medium Not required Partial Partial Partial
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation.
37 CVE-2017-8874 352 CSRF 2017-05-10 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
38 CVE-2017-8872 125 DoS 2017-05-10 2017-05-15
6.4
None Remote Low Not required Partial None Partial
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
39 CVE-2017-8854 119 Overflow 2017-05-09 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
40 CVE-2017-8853 22 Dir. Trav. 2017-05-09 2017-05-17
6.4
None Remote Low Not required None Partial Partial
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
41 CVE-2017-8852 119 Overflow 2017-05-10 2017-05-18
6.8
None Remote Medium Not required Partial Partial Partial
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
42 CVE-2017-8844 119 DoS Overflow 2017-05-08 2017-05-16
6.8
None Remote Medium Not required Partial Partial Partial
The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive.
43 CVE-2017-8836 352 Exec Code CSRF 2017-06-05 2017-06-12
6.8
None Remote Medium Not required Partial Partial Partial
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.
44 CVE-2017-8829 502 Exec Code 2017-05-08 2017-05-16
6.8
None Remote Medium Not required Partial Partial Partial
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
45 CVE-2017-8827 287 DoS 2017-05-08 2017-05-12
6.4
None Remote Low Not required None Partial Partial
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
46 CVE-2017-8794 918 2017-05-05 2017-05-17
6.4
None Remote Low Not required Partial Partial None
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.html allows SSRF attacks with a file:///etc/passwd#https:// URL pattern.
47 CVE-2017-8793 264 Bypass 2017-05-05 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin header allowing the attacker to have site access with a bypass of the Same Origin Policy.
48 CVE-2017-8787 119 DoS Overflow 2017-05-05 2017-05-17
6.8
None Remote Medium Not required Partial Partial Partial
The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.
49 CVE-2017-8494 264 2017-06-14 2017-06-21
6.9
None Local Medium Not required Complete Complete Complete
Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability".
50 CVE-2017-8455 125 Exec Code +Info 2017-05-03 2017-05-12
6.8
None Remote Medium Not required Partial Partial Partial
Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.