SB17-317: Vulnerability Summary for the Week of November 6, 2017

The Patriot · #1 11-16-2017, 09:01 AM

SB17-317: Vulnerability Summary for the Week of November 6, 2017

11-13-2017 03:36 AM

Original release date: November 13, 2017
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

*

High Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no high vulnerabilities recorded this week.Back to top
*

Medium Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infographicsmagick -- graphicsmagickThe ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.2017-11-056.8 CVE-2017-16545
CONFIRM
CONFIRMgraphicsmagick -- graphicsmagickThe DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.2017-11-066.8 CVE-2017-16547
CONFIRM
CONFIRMimagemagick -- imagemagickThe ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.2017-11-056.8 CVE-2017-16546
CONFIRM
CONFIRM
@#21#Back to top
*

Low Vulnerabilities

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch InfoThere were no low vulnerabilities recorded this week.Back to top
*

Severity Not Yet Assigned

Primary
Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoabb -- fox515t
*An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application, This could enable the attacker to retrieve any file on the server.2017-11-06not yet calculatedCVE-2017-14025
BID
MISCadvantech -- webaccess
*An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.2017-11-06not yet calculatedCVE-2017-12719
BID
MISCadvantech -- webaccess
*A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.2017-11-06not yet calculatedCVE-2017-14016
BID
MISCasterisk -- open_source_certified_asterisk
*A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.2017-11-08not yet calculatedCVE-2017-16671
CONFIRM
BID
CONFIRMasterisk -- open_source_certified_asterisk
*An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.2017-11-08not yet calculatedCVE-2017-16672
CONFIRM
BID
CONFIRMavaya -- ip_office_contact_center
*Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.2017-11-09not yet calculatedCVE-2017-12969
CONFIRM
MISC
MISC
FULLDISC
BID
EXPLOIT-DBavaya -- ip_office
*Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.2017-11-09not yet calculatedCVE-2017-11309
CONFIRM
MISC
MISC
BID
EXPLOIT-DBbackintime -- backintime
*backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.2017-11-08not yet calculatedCVE-2017-16667
CONFIRM
CONFIRM
CONFIRMbludit -- bludit
*In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. Thus allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.2017-11-06not yet calculatedCVE-2017-16636
MISCbolt_technology -- bolt
*Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.2017-11-09not yet calculatedCVE-2017-16754
BID
MISC
MISCbrother -- debut_software
*The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568.2017-11-09not yet calculatedCVE-2017-16249
MISC
EXPLOIT-DBcacti -- cacti
*Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.2017-11-08not yet calculatedCVE-2017-16660
MISCcacti -- cacti
*Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.2017-11-08not yet calculatedCVE-2017-16661
MISCcacti -- cacti
*Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.2017-11-10not yet calculatedCVE-2017-16785
MISCcacti -- cacti
*lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.2017-11-07not yet calculatedCVE-2017-16641
CONFIRMcesanta -- mongoose
*An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2892
MISCcesanta -- mongoose
*An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2891
MISCcesanta -- mongoose
*An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2922
MISCcesanta -- mongoose
*An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2921
MISCcesanta -- mongoose
*An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2895
MISCcesanta -- mongoose
*An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2893
MISCcesanta -- mongoose
*An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2894
MISCcesanta -- mongoose
*An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2909
MISCcms_made_simple -- cms_made_simple
*In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.2017-11-10not yet calculatedCVE-2017-16784
MISCcms_made_simple -- cms_made_simple
*In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.2017-11-10not yet calculatedCVE-2017-16783
MISCconfire -- confire
*An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-10not yet calculatedCVE-2017-16763
MISCcumulus_networks -- linux
*bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).2017-11-08not yet calculatedCVE-2017-15865
CONFIRM
CONFIRM
CONFIRM
CONFIRMd-link -- dwr-933_device
*XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.2017-11-10not yet calculatedCVE-2017-16765
MISCdatto -- backup_agent
*Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified "specific information" by which the agent identifies a network device that is "appearing to be a valid Datto."2017-11-08not yet calculatedCVE-2017-16673
CONFIRMdatto -- windows_agent
*Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this "primary/secondary" attack with the CVE-2017-16673 "rogue pairing" attack to achieve unauthenticated access to all agent machines running these older DWA versions.2017-11-08not yet calculatedCVE-2017-16674
CONFIRMdisney -- circleAn exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2916
MISCdisney -- circleAn exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2898
MISCdisney -- circle
*An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12094
MISCdisney -- circle
*An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2913
MISCdisney -- circle
*An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2917
MISCdisney -- circle
*An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2911
MISCdisney -- circle
*An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2881
MISCdisney -- circle
*An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12083
MISCdisney -- circle
*An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12085
MISCdisney -- circle
*An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2914
MISCdisney -- circle
*A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.2017-11-07not yet calculatedCVE-2017-12084
MISCdisney -- circle
*An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2912
MISCdisney -- circle
*An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2884
MISCdisney -- circle
*An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2889
MISCdisney -- circle
*An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2864
MISCdisney -- circle
*An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2883
MISCdisney -- circle
*An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2866
MISCdisney -- circle
*An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2865
MISCdisney -- circle
*An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2882
MISCdisney -- circle
*An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2915
MISCdisney -- circle
*An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-2890
MISCdisney -- circle
*An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed "deauth" packets to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-12096
MISCdjango_make_app -- django_make_app
*An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-10not yet calculatedCVE-2017-16764
MISCdocker -- moby
*The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.2017-11-04not yet calculatedCVE-2017-16539
MISC
MISC
MISC
MISC
MISCdrupal -- drupal
*Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.2017-11-06not yet calculatedCVE-2015-7878
MISCffmpeg -- ffmpeg
*The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.2017-11-06not yet calculatedCVE-2017-15672
CONFIRM
MLIST
BIDforcepoint -- triton_ap-email
*TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.2017-11-06not yet calculatedCVE-2017-11177
CONFIRMgentoo -- gentoo
*The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.2017-11-06not yet calculatedCVE-2017-16638
CONFIRMgentoo -- gentoo
*The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.2017-11-08not yet calculatedCVE-2017-16659
CONFIRMgraphicsmagick -- graphicsmagick
*coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.2017-11-08not yet calculatedCVE-2017-16669
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISChashicorp -- vagrant
*In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.2017-11-06not yet calculatedCVE-2017-16001
MISChola -- hola
*Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.2017-11-09not yet calculatedCVE-2017-16757
MISChome_assistant -- home_assistant
*In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.2017-11-10not yet calculatedCVE-2017-16782
CONFIRMhpe -- content_manager_workgroup_service
*A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).2017-11-08not yet calculatedCVE-2017-14360
CONFIRMinedo -- buildmasterInedo BuildMaster before 5.8.2 has XSS.2017-11-10not yet calculatedCVE-2017-16760
CONFIRM
CONFIRMinedo -- buildmaster
*In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.2017-11-10not yet calculatedCVE-2017-16521
MISC
MISC
MISC
MISC
MISCinedo -- buildmaster
*An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.2017-11-10not yet calculatedCVE-2017-16761
CONFIRM
CONFIRM
CONFIRMinedo -- buildmaster
*Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.2017-11-10not yet calculatedCVE-2017-16520
CONFIRM
CONFIRM
CONFIRMingenious -- school_management_system
*/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET request.2017-11-07not yet calculatedCVE-2017-16561
EXPLOIT-DBinpage -- inpage
*Special crafted InPage document leads to arbitrary code execution in InPage reader.2017-11-08not yet calculatedCVE-2017-12824
MISCipswitch -- ws_ftp_professional
*Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.2017-11-03not yet calculatedCVE-2017-16513
MISC
MISC
EXPLOIT-DBitext -- itext
*The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.2017-11-08not yet calculatedCVE-2017-9096
BUGTRAQ
MISCjoomla! -- joomla!
*In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.2017-11-09not yet calculatedCVE-2017-16634
BID
SECTRACK
CONFIRMjoomla! -- joomla!
*In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site's custom fields to unauthorized users.2017-11-09not yet calculatedCVE-2017-16633
BID
SECTRACK
CONFIRMkabona_ab -- webdatorcentral
*A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.2017-11-07not yet calculatedCVE-2016-0872
MISCkeystonejs -- keystonejs
*KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.2017-11-06not yet calculatedCVE-2017-16570
MISC
MISC
MISClibebml2 -- libebml2
*The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12800
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
*The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12801
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
*The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12802
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
*The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12783
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
*The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12781
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
*The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12782
MISC
FULLDISC
CONFIRMlibebml2 -- libebml2
*The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12780
MISC
FULLDISC
CONFIRMlibrenms -- librenms
*The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.2017-11-09not yet calculatedCVE-2017-16759
CONFIRM
CONFIRM
CONFIRM
CONFIRMlinux -- linux_kernel
*The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.2017-11-06not yet calculatedCVE-2017-15306
MISC
MISC
MISC
BID
MISClinux -- linux_kernel
*The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16650
MISC
MISClinux -- linux_kernel
*The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16644
MISC
MISClinux -- linux_kernel
*The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16643
MISC
BID
MISC
MISClinux -- linux_kernel
*The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16645
BID
MISC
MISClinux -- linux_kernel
*drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16646
MISC
MISClinux -- linux_kernel
*The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.2017-11-07not yet calculatedCVE-2017-16648
BID
MISC
MISClinux -- linux_kernel
*drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16647
BID
MISC
MISClinux -- linux_kernel
*The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.2017-11-07not yet calculatedCVE-2017-16649
BID
MISC
MISClogitech -- media_server
*Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a "favorite."2017-11-09not yet calculatedCVE-2017-16567
EXPLOIT-DBlogitech -- media_server
*Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL.2017-11-09not yet calculatedCVE-2017-16568
EXPLOIT-DBmanageengine -- applications_manager
*Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.2017-11-05not yet calculatedCVE-2017-16543
MISC
EXPLOIT-DBmanageengine -- applications_manager
*Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.2017-11-05not yet calculatedCVE-2017-16542
MISC
EXPLOIT-DBmanageengine -- servicedesk
*The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.2017-11-08not yet calculatedCVE-2017-11512
MISCmanageengine -- servicedesk
*The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.2017-11-08not yet calculatedCVE-2017-11511
MISCmatroska -- mkvalidator
*The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12779
MISC
FULLDISC
CONFIRMmetalgenix -- genixcms
*Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.2017-11-08not yet calculatedCVE-2015-3933
CONFIRM
EXPLOIT-DBmitrastar -- gpt-2541gnac_router
*MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.2017-11-03not yet calculatedCVE-2017-16523
BID
MISC
EXPLOIT-DBmkclean -- mkclean
*The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.2017-11-09not yet calculatedCVE-2017-12803
MISC
FULLDISC
CONFIRMmlalchemy -- mlalchemy
*An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16615
CONFIRM
CONFIRM
MISCmybb_group -- mybb
*The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.2017-11-10not yet calculatedCVE-2017-16780
CONFIRMmybb_group -- mybb
*The installer in MyBB before 1.8.13 has XSS.2017-11-10not yet calculatedCVE-2017-16781
CONFIRMnetapp -- clustered_data_ontap
*NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064.2017-11-09not yet calculatedCVE-2017-5201
BID
CONFIRMnetapp -- oncommand_unified_manager
*NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or "UI redress attack" which could be used to cause a user to perform an unintended action in the user interface.2017-11-09not yet calculatedCVE-2017-11461
BID
CONFIRMnetiq -- imanager
*Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2.2017-11-06not yet calculatedCVE-2017-7425
CONFIRM
CONFIRM
CONFIRM
CONFIRMowlmixin -- owlmixin
*An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16618
CONFIRM
CONFIRM
MISCperl -- perl
*The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.2017-11-07not yet calculatedCVE-2008-7319
MISC
MISC
MISC
MISCphp -- php
*In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145.2017-11-07not yet calculatedCVE-2017-16642
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRMpyanyapi -- pyanyapi
*An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability.2017-11-07not yet calculatedCVE-2017-16616
CONFIRM
CONFIRM
MISC
CONFIRMred_hat -- enterprise_linux
*It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15087
BID
CONFIRMred_hat -- enterprise_linux
*It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15086
BID
CONFIRMred_hat -- enterprise_linux
*It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.2017-11-08not yet calculatedCVE-2017-15085
BID
CONFIRMred_hat -- multiple_products
*Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.2017-11-09not yet calculatedCVE-2015-7501
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRMremobjects -- remobjects
*RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.2017-11-08not yet calculatedCVE-2017-16665
CONFIRMroundcube -- roundcube
*Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests.2017-11-09not yet calculatedCVE-2017-16651
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIANrsync -- rsync
*The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.2017-11-06not yet calculatedCVE-2017-16548
CONFIRM
CONFIRMsam2p -- sam2p
*In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.2017-11-08not yet calculatedCVE-2017-16663
CONFIRMsamsung -- srn-1670d
*Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.2017-11-06not yet calculatedCVE-2017-16524
MISCsanic -- sanic
*Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring.2017-11-10not yet calculatedCVE-2017-16762
CONFIRM
CONFIRMsavitech_corp -- savitech_drivers
*Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."2017-11-09not yet calculatedCVE-2017-9758
BID
MISC
CERT-VN
MISCsiemens -- simatic_pcs_7
*An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. The improper input validation vulnerability has been identified, which may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface.2017-11-06not yet calculatedCVE-2017-14023
BID
SECTRACK
MISCsos -- sos
*sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.2017-11-06not yet calculatedCVE-2015-7529
BID
UBUNTU
MISC
MISC
CONFIRM
CONFIRMsuse -- suse_linux_enterprise_desktop
*The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.2017-11-09not yet calculatedCVE-2017-15638
SUSEswftools -- swftools
*The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.2017-11-09not yet calculatedCVE-2017-16711
MISCsymantec -- endpoint_protection
*Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.2017-11-06not yet calculatedCVE-2017-13680
BID
CONFIRMsymantec -- endpoint_protection
*Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter an issue of Tamper-Protection Bypass, which is a type of attack that bypasses the real time protection for the application that is run on servers and clients.2017-11-06not yet calculatedCVE-2017-6331
BID
CONFIRMsymantec -- endpoint_protection
*Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. In the circumstances of this issue, the capability of exploit is limited by the need to perform multiple file and directory writes to the local filesystem and as such, is not feasible in a standard drive-by type attack.2017-11-06not yet calculatedCVE-2017-13681
BID
CONFIRMsynology -- carddav_server
*An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.2017-11-07not yet calculatedCVE-2017-15887
CONFIRMtinywebgallery -- tinywebgallery
*In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the `TWG Explorer` item listing. The request method to inject is POST and the attack vector is located on the application-side of the service. The injection point is the add/create input field and the execution point occurs in the item listing after the add or create.2017-11-06not yet calculatedCVE-2017-16635
MISCtor -- browser
*Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.2017-11-04not yet calculatedCVE-2017-16541
BID
MISC
MISC
MISC
MISC
MISCtrihedral -- vtscada
*An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine.2017-11-06not yet calculatedCVE-2017-14029
MISCtrihedral -- vtscada
*An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.2017-11-06not yet calculatedCVE-2017-14031
MISCvectura -- perfect_privacy_vpn_manager
*In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when resetting the network data via the software client, with a running VPN connection, a critical error occurs which leads to a "FrmAdvancedProtection" crash. Although the mechanism malfunctions and an error occurs during the runtime with the stack trace being issued, the software process is not properly terminated. The software client is still attempting to maintain the connection even though the network connection information is being reset live. In that insecure mode, the "FrmAdvancedProtection" component crashes, but the process continues to run with different errors and process corruptions. This local corruption vulnerability can be exploited by local attackers.2017-11-06not yet calculatedCVE-2017-16637
MISC
MISCvonage/grandstream -- ht802_device
*Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update.2017-11-06not yet calculatedCVE-2017-16563
MISCvonage/grandstream -- ht802_device
*Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.2017-11-06not yet calculatedCVE-2017-16565
MISCvonage/grandstream -- ht802_device
*Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148).2017-11-06not yet calculatedCVE-2017-16564
MISCwordpress -- wordpress
*The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI.2017-11-09not yet calculatedCVE-2017-16562
CONFIRM
EXPLOIT-DBwordpress -- wordpress
*Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "access_token" parameter.2017-11-09not yet calculatedCVE-2017-16758
MISC
MISC
MISCzurmo -- zurmo
*An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.2017-11-06not yet calculatedCVE-2017-16569
MISCzurmo -- zurmo
*Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.2017-11-06not yet calculatedCVE-2017-15039
@#430#Back to top
This product is provided subject to this Notification and this Privacy & Use policy.

More...