CVE-2017-7738 CVSS:0.0
An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.5, 5.2 and below versions allow an admin user with super_admin privileges to view the current SSL VPN web portal session info which may contains user credentials through the fnsysctl CLI command. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17672 CVSS:0.0
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17671 CVSS:0.0
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For example, an attacker can make an invalid HTTP request containing PHP code, and then make an index.php?routestring= request with enough instances of ".." to reach an Apache HTTP Server log file. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17669 CVSS:0.0
There is a heap-based buffer over-read in the Exiv2::Internal::PngChunk::keyTXTChunk function of pngchunk_int.cpp in Exiv2 0.26. A crafted PNG file will lead to a remote denial of service attack. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17665 CVSS:0.0
In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17664 CVSS:0.0
A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17648 CVSS:0.0
Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17642 CVSS:0.0
Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17641 CVSS:0.0
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. (Last Update:2017-12-13) (Publish Update:2017-12-13)
CVE-2017-17640 CVSS:0.0
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. (Last Update:2017-12-13) (Publish Update:2017-12-13)
Click here for a complete list of security vulnerabilities. This vulnerability list widget is provided by