SB17-317: Vulnerability Summary for the Week of November 6, 2017

11-13-2017 03:36 AM

Original release date: November 13, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| graphicsmagick -- graphicsmagick | The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image. | 2017-11-05 | 6.8 | CVE-2017-16545 CONFIRM CONFIRM |
| graphicsmagick -- graphicsmagick | The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file. | 2017-11-06 | 6.8 | CVE-2017-16547 CONFIRM CONFIRM |
| imagemagick -- imagemagick | The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. | 2017-11-05 | 6.8 | CVE-2017-16546 CONFIRM CONFIRM |

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abb -- fox515t | An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server. | 2017-11-06 | not yet calculated | CVE-2017-14025 BID MISC |
| advantech -- webaccess | An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable. | 2017-11-06 | not yet calculated | CVE-2017-12719 BID MISC |
| advantech -- webaccess | A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. | 2017-11-06 | not yet calculated | CVE-2017-14016 BID MISC |
| asterisk -- open_source_certified_asterisk | A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. | 2017-11-08 | not yet calculated | CVE-2017-16671 CONFIRM BID CONFIRM |
| asterisk -- open_source_certified_asterisk | An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash. | 2017-11-08 | not yet calculated | CVE-2017-16672 CONFIRM BID CONFIRM |
| avaya -- ip_office_contact_center | Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method. | 2017-11-09 | not yet calculated | CVE-2017-12969 CONFIRM MISC MISC FULLDISC BID EXPLOIT-DB |
| avaya -- ip_office | Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. | 2017-11-09 | not yet calculated | CVE-2017-11309 CONFIRM MISC MISC BID EXPLOIT-DB |
| backintime -- backintime | backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. | 2017-11-08 | not yet calculated | CVE-2017-16667 CONFIRM CONFIRM CONFIRM |
| bludit -- bludit | In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. This allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts. | 2017-11-06 | not yet calculated | CVE-2017-16636 MISC |
| bolt_technology -- bolt | Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php. | 2017-11-09 | not yet calculated | CVE-2017-16754 BID MISC MISC |
| brother -- debut_software | The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568. | 2017-11-09 | not yet calculated | CVE-2017-16249 MISC EXPLOIT-DB |
| cacti -- cacti | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | 2017-11-08 | not yet calculated | CVE-2017-16660 MISC |
| cacti -- cacti | Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd. | 2017-11-08 | not yet calculated | CVE-2017-16661 MISC |
| cacti -- cacti | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | 2017-11-10 | not yet calculated | CVE-2017-16785 MISC |
| cacti -- cacti | lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php. | 2017-11-07 | not yet calculated | CVE-2017-16641 CONFIRM |
| cesanta -- mongoose | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2892 MISC |
| cesanta -- mongoose | An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2891 MISC |
| cesanta -- mongoose | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2922 MISC |
| cesanta -- mongoose | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2921 MISC |
| cesanta -- mongoose | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2895 MISC |
| cesanta -- mongoose | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2893 MISC |
| cesanta -- mongoose | An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2894 MISC |
| cesanta -- mongoose | An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2909 MISC |
| cms_made_simple -- cms_made_simple | In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | 2017-11-10 | not yet calculated | CVE-2017-16784 MISC |
| cms_made_simple -- cms_made_simple | In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter. | 2017-11-10 | not yet calculated | CVE-2017-16783 MISC |
| confire -- confire | An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-10 | not yet calculated | CVE-2017-16763 MISC |
| cumulus_networks -- linux | bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492). | 2017-11-08 | not yet calculated | CVE-2017-15865 CONFIRM CONFIRM CONFIRM CONFIRM |
| d-link -- dwr-933_device | XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | 2017-11-10 | not yet calculated | CVE-2017-16765 MISC |
| datto -- backup_agent | Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto." | 2017-11-08 | not yet calculated | CVE-2017-16673 CONFIRM |
| datto -- windows_agent | Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions. | 2017-11-08 | not yet calculated | CVE-2017-16674 CONFIRM |
| disney -- circle | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2916 MISC |
| disney -- circle | An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2898 MISC |
| disney -- circle | An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12094 MISC |
| disney -- circle | An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2913 MISC |
| disney -- circle | An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2917 MISC |
| disney -- circle | An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2911 MISC |
| disney -- circle | An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2881 MISC |
| disney -- circle | An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12083 MISC |
| disney -- circle | An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12085 MISC |
| disney -- circle | An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2914 MISC |
| disney -- circle | A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server. | 2017-11-07 | not yet calculated | CVE-2017-12084 MISC |
| disney -- circle | An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2912 MISC |
| disney -- circle | An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2884 MISC |
| disney -- circle | An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2889 MISC |
| disney -- circle | An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2864 MISC |
| disney -- circle | An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2883 MISC |
| disney -- circle | An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2866 MISC |
| disney -- circle | An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2865 MISC |
| disney -- circle | An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2882 MISC |
| disney -- circle | An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2915 MISC |
| disney -- circle | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-2890 MISC |
| disney -- circle | An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability. | 2017-11-07 | not yet calculated | CVE-2017-12096 MISC |
| django_make_app -- django_make_app | An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability. | 2017-11-10 | not yet calculated | CVE-2017-16764 MISC |
| docker -- moby | The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP. | 2017-11-04 | not yet calculated | CVE-2017-16539 MISC MISC MISC MISC MISC |
| drupal -- drupal | Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. | 2017-11-06 | not yet calculated | CVE-2015-7878 MISC |
| ffmpeg -- ffmpeg | The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. | 2017-11-06 | not yet calculated | CVE-2017-15672 CONFIRM MLIST BID |
| forcepoint -- triton_ap-email | TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory. | 2017-11-06 | not yet calculated | CVE-2017-11177 CONFIRM |
| gentoo -- gentoo | The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script. | 2017-11-06 | not yet calculated | CVE-2017-16638 CONFIRM |
| gentoo -- gentoo | The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script. | 2017-11-08 | not yet calculated | CVE-2017-16659 CONFIRM |
| graphicsmagick -- graphicsmagick | coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c. | 2017-11-08 | not yet calculated | CVE-2017-16669 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| hashicorp -- vagrant | In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | 2017-11-06 | not yet calculated | CVE-2017-16001 MISC |
| hola -- hola | Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file. | 2017-11-09 | not yet calculated | CVE-2017-16757 MISC |
| home_assistant -- home_assistant | In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | 2017-11-10 | not yet calculated | CVE-2017-16782 CONFIRM |
| hpe -- content_manager_workgroup_service | A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS). | 2017-11-08 | not yet calculated | CVE-2017-14360 CONFIRM |
| inedo -- buildmaster | Inedo BuildMaster before 5.8.2 has XSS. | 2017-11-10 | not yet calculated | CVE-2017-16760 CONFIRM CONFIRM |
| inedo -- buildmaster | In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used. | 2017-11-10 | not yet calculated | CVE-2017-16521 MISC MISC MISC MISC MISC |
| inedo -- buildmaster | An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites. | 2017-11-10 | not yet calculated | CVE-2017-16761 CONFIRM CONFIRM CONFIRM |
| inedo -- buildmaster | Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners. | 2017-11-10 | not yet calculated | CVE-2017-16520 CONFIRM CONFIRM CONFIRM |
| ingenious -- school_management_system | /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request. | 2017-11-07 | not yet calculated | CVE-2017-16561 EXPLOIT-DB |
| inpage -- inpage | Special crafted InPage document leads to arbitrary code execution in InPage reader. | 2017-11-08 | not yet calculated | CVE-2017-12824 MISC |
| ipswitch -- ws_ftp_professional | Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729. | 2017-11-03 | not yet calculated | CVE-2017-16513 MISC MISC EXPLOIT-DB |
| itext -- itext | The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF. | 2017-11-08 | not yet calculated | CVE-2017-9096 BUGTRAQ MISC |
| joomla! -- joomla! | In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | 2017-11-09 | not yet calculated | CVE-2017-16634 BID SECTRACK CONFIRM |
| joomla! -- joomla! | In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users. | 2017-11-09 | not yet calculated | CVE-2017-16633 BID SECTRACK CONFIRM |
| kabona_ab -- webdatorcentral | A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. | 2017-11-07 | not yet calculated | CVE-2016-0872 MISC |
| keystonejs -- keystonejs | KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. | 2017-11-06 | not yet calculated | CVE-2017-16570 MISC MISC MISC |
| libebml2 -- libebml2 | The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12800 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12801 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12802 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12783 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12781 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12782 MISC FULLDISC CONFIRM |
| libebml2 -- libebml2 | The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file. | 2017-11-09 | not yet calculated | CVE-2017-12780 MISC FULLDISC CONFIRM |
| librenms -- librenms | The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php. | 2017-11-09 | not yet calculated | CVE-2017-16759 CONFIRM CONFIRM CONFIRM CONFIRM |
| linux -- linux_kernel | The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm. | 2017-11-06 | not yet calculated | CVE-2017-15306 MISC MISC MISC BID MISC |
| linux -- linux_kernel | The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16650 MISC MISC |
| linux -- linux_kernel | The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16644 MISC MISC |
| linux -- linux_kernel | The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16643 MISC BID MISC MISC |
| linux -- linux_kernel | The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16645 BID MISC MISC |
| linux -- linux_kernel | drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16646 MISC MISC |
| linux -- linux_kernel | The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. | 2017-11-07 | not yet calculated | CVE-2017-16648 BID MISC MISC |
| linux -- linux_kernel | drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16647 BID MISC MISC |
| linux -- linux_kernel | The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. | 2017-11-07 | not yet calculated | CVE-2017-16649 BID MISC MISC |
| logitech -- media_server | Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite." | 2017-11-09 | not yet calculated | CVE-2017-16567 EXPLOIT-DB |
| logitech -- media_server | Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. | 2017-11-09 | not yet calculated | CVE-2017-16568 EXPLOIT-DB |
| manageengine -- applications_manager | Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. | 2017-11-05 | not yet calculated | CVE-2017-16543 MISC EXPLOIT-DB |
| manageengine -- applications_manager | Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. | 2017-11-05 | not yet calculated | CVE-2017-16542 MISC EXPLOIT-DB |
| manageengine -- servicedesk | The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. | | | |
An unauthenticated remote attacker can use this vulnerability to download arbitrary files.2017-11-08not yet calculatedCVE-2017-11512 MISCmanageengine -- servicedesk *The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.2017-11-08not yet calculatedCVE-2017-11511 MISCmatroska -- mkvalidator *The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12779 MISC FULLDISC CONFIRMmetalgenix -- genixcms *Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.2017-11-08not yet calculatedCVE-2015-3933 CONFIRM EXPLOIT-DBmitrastar -- gpt-2541gnac_router *MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.2017-11-03not yet calculatedCVE-2017-16523 BID MISC EXPLOIT-DBmkclean -- mkclean *The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12803 MISC FULLDISC CONFIRMmlalchemy -- mlalchemy *An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. 
An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16615 CONFIRM CONFIRM MISCmybb_group -- mybb *The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.2017-11-10not yet calculatedCVE-2017-16780 CONFIRMmybb_group -- mybb *The installer in MyBB before 1.8.13 has XSS.2017-11-10not yet calculatedCVE-2017-16781 CONFIRMnetapp -- clustered_data_ontap *NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.2017-11-09not yet calculatedCVE-2017-5201 BID CONFIRMnetapp -- oncommand_unified_manager *NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.2017-11-09not yet calculatedCVE-2017-11461 BID CONFIRMnetiq -- imanager *Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.2017-11-06not yet calculatedCVE-2017-7425 CONFIRM CONFIRM CONFIRM CONFIRMowlmixin -- owlmixin *An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. 
An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16618 CONFIRM CONFIRM MISCperl -- perl *The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.2017-11-07not yet calculatedCVE-2008-7319 MISC MISC MISC MISCphp -- php *In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.2017-11-07not yet calculatedCVE-2017-16642 CONFIRM CONFIRM BID CONFIRM CONFIRM CONFIRMpyanyapi -- pyanyapi *An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. 
An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16616 CONFIRM CONFIRM MISC CONFIRMred_hat -- enterprise_linux *It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15087 BID CONFIRMred_hat -- enterprise_linux *It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15086 BID CONFIRMred_hat -- enterprise_linux *It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15085 BID CONFIRMred_hat -- multiple_products *Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.2017-11-09not yet calculatedCVE-2015-7501 BID SECTRACK SECTRACK SECTRACK SECTRACK CONFIRM CONFIRM CONFIRM CONFIRMremobjects -- remobjects *RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.2017-11-08not yet calculatedCVE-2017-16665 CONFIRMroundcube -- roundcube *Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in 
the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.2017-11-09not yet calculatedCVE-2017-16651 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM DEBIANrsync -- rsync *The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.2017-11-06not yet calculatedCVE-2017-16548 CONFIRM CONFIRMsam2p -- sam2p *In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.2017-11-08not yet calculatedCVE-2017-16663 CONFIRMsamsung -- srn-1670d *Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. 
To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.2017-11-06not yet calculatedCVE-2017-16524 MISCsanic -- sanic *Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.2017-11-10not yet calculatedCVE-2017-16762 CONFIRM CONFIRMsavitech_corp -- savitech_drivers *Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."2017-11-09not yet calculatedCVE-2017-9758 BID MISC CERT-VN MISCsiemens -- simatic_pcs_7 *An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. 
The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.2017-11-06not yet calculatedCVE-2017-14023 BID SECTRACK MISCsos -- sos *sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.2017-11-06not yet calculatedCVE-2015-7529 BID UBUNTU MISC MISC CONFIRM CONFIRMsuse -- suse_linux_enterprise_desktop *The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.2017-11-09not yet calculatedCVE-2017-15638 SUSEswftools -- swftools *The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.2017-11-09not yet calculatedCVE-2017-16711 MISCsymantec -- endpoint_protection *Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.2017-11-06not yet calculatedCVE-2017-13680 BID CONFIRMsymantec -- 
endpoint_protection *Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.2017-11-06not yet calculatedCVE-2017-6331 BID CONFIRMsymantec -- endpoint_protection *Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.2017-11-06not yet calculatedCVE-2017-13681 BID CONFIRMsynology -- carddav_server *An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.2017-11-07not yet calculatedCVE-2017-15887 CONFIRMtinywebgallery -- tinywebgallery *In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. 
The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.2017-11-06not yet calculatedCVE-2017-16635 MISCtor -- browser *Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.2017-11-04not yet calculatedCVE-2017-16541 BID MISC MISC MISC MISC MISCtrihedral -- vtscada *An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.2017-11-06not yet calculatedCVE-2017-14029 MISCtrihedral -- vtscada *An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.2017-11-06not yet calculatedCVE-2017-14031 MISCvectura -- perfect_privacy_vpn_manager *In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. 
This local corruption vulnerability can be exploited by local attackers.2017-11-06not yet calculatedCVE-2017-16637 MISC MISCvonage/grandstream -- ht802_device *Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.2017-11-06not yet calculatedCVE-2017-16563 MISCvonage/grandstream -- ht802_device *Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.2017-11-06not yet calculatedCVE-2017-16565 MISCvonage/grandstream -- ht802_device *Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).2017-11-06not yet calculatedCVE-2017-16564 MISCwordpress -- wordpress *The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.2017-11-09not yet calculatedCVE-2017-16562 CONFIRM EXPLOIT-DBwordpress -- wordpress *Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.2017-11-09not yet calculatedCVE-2017-16758 MISC MISC MISCzurmo -- zurmo *An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.2017-11-06not yet calculatedCVE-2017-16569 MISCzurmo -- zurmo *Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to 
app/index.php/meetings/default/createMeeting.2017-11-06not yet calculatedCVE-2017-15039 @#430#Back to top This product is provided subject to this Notification and this Privacy & Use policy. More... |