CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000235 78 2017-11-16 2017-11-29
10.0
None Remote Low Not required Complete Complete Complete
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
2 CVE-2017-1000228 20 Exec Code 2017-11-16 2017-11-30
10.0
None Remote Low Not required Complete Complete Complete
nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function
3 CVE-2017-1000215 77 Exec Code 2017-11-17 2017-12-01
10.0
None Remote Low Not required Complete Complete Complete
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
4 CVE-2017-1000203 77 Exec Code 2017-11-17 2017-12-04
9.0
None Remote Low Single system Complete Complete Complete
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
5 CVE-2017-1000169 20 Exec Code 2017-11-17 2017-12-02
10.0
None Remote Low Not required Complete Complete Complete
QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.
6 CVE-2017-1000082 20 2017-07-07 2017-07-22
10.0
Admin Remote Low Not required Complete Complete Complete
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
7 CVE-2017-1000060 89 Sql 2017-07-17 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root
8 CVE-2017-1000034 502 Exec Code 2017-07-17 2017-08-04
9.3
None Remote Medium Not required Complete Complete Complete
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
9 CVE-2017-1000020 287 Bypass 2017-07-17 2017-08-15
10.0
None Remote Low Not required Complete Complete Complete
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others."
10 CVE-2017-16844 119 DoS Exec Code Overflow 2017-11-16 2017-12-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.
11 CVE-2017-16820 415 2017-11-14 2017-11-30
10.0
None Remote Low Not required Complete Complete Complete
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
12 CVE-2017-16667 78 Exec Code 2017-11-08 2017-12-04
9.3
None Remote Medium Not required Complete Complete Complete
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
13 CVE-2017-16660 264 Exec Code 2017-11-08 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
14 CVE-2017-16659 264 +Priv 2017-11-08 2017-11-29
9.3
None Remote Medium Not required Complete Complete Complete
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
15 CVE-2017-16641 78 Exec Code 2017-11-07 2017-11-28
9.0
None Remote Low Single system Complete Complete Complete
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
16 CVE-2017-16638 264 +Priv 2017-11-06 2017-11-29
10.0
None Remote Low Not required Complete Complete Complete
The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.
17 CVE-2017-16566 287 2017-11-17 2017-12-07
10.0
None Remote Low Not required Complete Complete Complete
On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.
18 CVE-2017-16523 255 2017-11-03 2017-11-21
10.0
None Remote Low Not required Complete Complete Complete
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
19 CVE-2017-16522 264 Exec Code 2017-11-03 2017-11-21
9.0
None Remote Low Single system Complete Complete Complete
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
20 CVE-2017-15935 94 Exec Code 2017-10-27 2017-11-14
9.0
None Remote Low Single system Complete Complete Complete
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.
21 CVE-2017-15597 264 DoS Mem. Corr. +Info 2017-10-30 2017-11-29
9.0
None Remote Low Single system Complete Complete Complete
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.
22 CVE-2017-15376 94 Exec Code 2017-10-16 2017-11-07
10.0
None Remote Low Not required Complete Complete Complete
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
23 CVE-2017-15366 264 2017-10-26 2017-11-17
10.0
None Remote Low Not required Complete Complete Complete
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.
24 CVE-2017-15295 264 2017-10-16 2017-11-01
10.0
None Remote Low Not required Complete Complete Complete
Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.
25 CVE-2017-15293 264 2017-10-16 2017-11-07
10.0
None Remote Low Not required Complete Complete Complete
Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064.
26 CVE-2017-14867 20 Exec Code 2017-09-28 2017-10-11
9.0
None Remote Low Single system Complete Complete Complete
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
27 CVE-2017-14743 89 Sql 2017-09-26 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
28 CVE-2017-14705 77 Exec Code 2017-09-22 2017-10-05
9.3
None Remote Medium Not required Complete Complete Complete
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
29 CVE-2017-14602 264 2017-09-26 2017-11-14
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
30 CVE-2017-14429 77 Exec Code 2017-09-13 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices allows unauthenticated remote code execution as root because /etc/services/INET/inet_ipv4.php mishandles shell metacharacters, affecting generated files such as WAN-1-udhcpc.sh.
31 CVE-2017-14421 798 2017-09-13 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have a hardcoded password of wrgac25_dlink.2013gui_dir850l for the Alphanetworks account upon device reset, which allows remote attackers to obtain root access via a TELNET session.
32 CVE-2017-14375 264 Bypass 2017-10-31 2017-11-27
10.0
None Remote Low Not required Complete Complete Complete
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.15, EMC VASA Virtual Appliance versions prior to 8.4.0.512, and EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier) contain an authentication bypass vulnerability that may potentially be exploited by malicious users to compromise the affected system.
33 CVE-2017-14350 306 Exec Code 2017-09-29 2017-10-05
10.0
None Remote Low Not required Complete Complete Complete
A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.
34 CVE-2017-14322 287 Bypass 2017-10-18 2017-11-08
10.0
None Remote Low Not required Complete Complete Complete
The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value.
35 CVE-2017-14263 264 2017-09-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device.
36 CVE-2017-14262 264 2017-09-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter.
37 CVE-2017-14244 255 Bypass 2017-09-17 2017-09-27
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi.
38 CVE-2017-14243 255 Bypass 2017-09-17 2017-09-27
10.0
None Remote Low Not required Complete Complete Complete
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi.
39 CVE-2017-14135 78 Exec Code 2017-09-04 2017-09-12
10.0
None Remote Low Not required Complete Complete Complete
enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI.
40 CVE-2017-14127 78 Exec Code 2017-09-04 2017-09-08
10.0
None Remote Low Not required Complete Complete Complete
Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.
41 CVE-2017-14123 434 2017-09-04 2017-09-13
9.0
None Remote Low Single system Complete Complete Complete
Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server context, as demonstrated by /itplus/FileStorage/302/shell.jsp.
42 CVE-2017-14116 798 2017-09-03 2017-09-13
9.3
None Remote Medium Not required Complete Complete Complete
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support.
43 CVE-2017-14115 284 2017-09-03 2017-09-13
9.3
None Remote Medium Not required Complete Complete Complete
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands.
44 CVE-2017-14078 89 Exec Code Sql 2017-09-22 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
45 CVE-2017-14029 427 2017-11-06 2017-11-27
9.3
None Remote Medium Not required Complete Complete Complete
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.
46 CVE-2017-14027 798 2017-10-31 2017-11-22
10.0
None Remote Low Not required Complete Complete Complete
A Use of Hard-coded Credentials issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. The software uses undocumented hard-coded credentials that may allow an attacker to gain remote access.
47 CVE-2017-14024 119 Exec Code Overflow 2017-11-13 2017-12-01
10.0
Admin Remote Low Not required Complete Complete Complete
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution with high privileges.
48 CVE-2017-14021 798 2017-10-31 2017-11-22
10.0
None Remote Low Not required Complete Complete Complete
A Use of Hard-coded Cryptographic Key issue was discovered in Korenix JetNet JetNet5018G version 1.4, JetNet5310G version 1.4a, JetNet5428G-2G-2FX version 1.4, JetNet5628G-R version 1.4, JetNet5628G version 1.4, JetNet5728G-24P version 1.4, JetNet5828G version 1.1d, JetNet6710G-HVDC version 1.1e, and JetNet6710G version 1.1. An attacker may gain access to hard-coded certificates and private keys allowing the attacker to perform man-in-the-middle attacks.
49 CVE-2017-14020 427 2017-11-13 2017-12-05
9.3
None Remote Medium Not required Complete Complete Complete
An Uncontrolled Search Path Element issue was discovered in AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) versions 2.10 and prior, C-More Programming Software (Part Number EA9-PGMSW) versions 6.30 and prior, C-More Micro (Part Number EA-PGMSW) versions 4.20.01.0 and prior, GS Drives Configuration Software (Part Number GSOFT) versions 4.0.6 and prior, and SL-SOFT SOLO Temperature Controller Configuration Software (Part Number SL-SOFT) versions 1.1.0.5 and prior. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. To exploit this vulnerability, an attacker could rename a malicious DLL to meet the criteria of the application, and the application would not verify that the DLL is correct. Once loaded by the application, the DLL could run malicious code at the privilege level of the application.
50 CVE-2017-14001 78 Exec Code 2017-09-25 2017-10-10
9.0
None Remote Low Single system Complete Complete Complete
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system through the inclusion of OS commands in the URL request of the program.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.