Waaxe.com - Security Site - In memory of Ponca Chief Standing Bear

RSS CVE - US National Vulnerability Database

Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.

CVE-2012-0699 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0699

SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.

CVE-2012-2576 (backup_profiler, storage_manager, storage_profiler) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2576

Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.

CVE-2012-6667 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6667

Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/doreport.php or (2) modnotes parameter in actions/updatereport.php.

CVE-2012-6668 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6668

Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) actions/requestmedal.php.

CVE-2012-6670 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6670

Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin, when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) monster[title] or (2) monster[description] parameters.

CVE-2012-6671 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6671

Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter.

CVE-2012-6682 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6682

The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.

CVE-2014-0087 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0087

Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

CVE-2014-0120 (hawtio, jboss_fuse) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0120

The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

CVE-2014-0121 (hawtio, jboss_fuse) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0121

Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices.

CVE-2014-3471 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3471

XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data.

CVE-2014-3630 (play) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3630

JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.

CVE-2014-3651 (keycloak) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3651

Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.

CVE-2014-5068 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5068

Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.

CVE-2014-5070 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5070

cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request.

CVE-2014-6435 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6435

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login.

CVE-2014-6436 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6436

Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.

CVE-2014-6437 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6437

The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.

CVE-2014-7952 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7952

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.

CVE-2014-8166 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8166

cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.

CVE-2014-8389 (bu-2015_firmware, bu-3026_firmware, md-3025_firmware, poe-200cam_v2_firmware, wl-2000cam_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8389

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.

CVE-2015-2298 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2298

The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2015-2981 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2981

The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."

CVE-2015-3302 (thecartpress_ecommerce_shopping_cart) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3302

SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters.

CVE-2015-3637 (phpmybackuppro) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3637

Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls to arbitrary numbers via spaces in a tel: URL.

CVE-2015-3888 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3888

The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."

CVE-2015-6237 (ip360) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6237

Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.

CVE-2015-7324 (komento) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7324

Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.

CVE-2015-7666 (payment_form_for_paypal_pro) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7666

Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter related to "upload file functionality."

CVE-2015-7669 (easy2map) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7669

The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.

CVE-2015-8008 (fedora, mediawiki) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8008

An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost.

CVE-2015-9246 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9246

An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html.

CVE-2015-9247 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9247

An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager.

CVE-2015-9248 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9248

An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element.

CVE-2015-9249 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9249

An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter.

CVE-2015-9250 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9250

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to execute arbitrary code with administrator privileges via unspecified vectors. IBM X-Force ID: 111640.

CVE-2016-0324 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0324

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643.

CVE-2016-0327 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0327

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695.

CVE-2016-0332 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0332

Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. IBM X-Force ID: 111736.

CVE-2016-0335 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0335

Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.

CVE-2016-0336 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0336

Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.

CVE-2016-10704 (magento) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10704

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

CVE-2016-10705 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10705

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.

CVE-2016-10706 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10706

An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810.

CVE-2017-0846 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0846

In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857.

CVE-2017-0855 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0855

NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869.

CVE-2017-0869 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0869

Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.

CVE-2017-1000437 (gravity) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000437

Passbolt API versions 1.6.4 and older are vulnerable to an XSS in the url field on the password workspace.

CVE-2017-1000442 (passbolt_api) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000442

Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component, resulting in information disclosure and remote code execution.

CVE-2017-1000444 (openhacker) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000444

EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener, resulting in denial of service.

CVE-2017-1000470 (goahead_web_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000470

In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.

CVE-2017-1000476 (imagemagick) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000476

Mautic versions 2.1.0 - 2.11.0 are vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.

CVE-2017-1000488 (mautic) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000488

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.

CVE-2017-1000490 (mautic) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000490

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow occurs while calculating CRC for GPT header fields with partition entries greater than 16384.

CVE-2017-11072 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11072

A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.

CVE-2017-11562 (senhasegura) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11562

An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.

CVE-2017-1191 (rational_collaborative_lifecycle_management, rational_doors_next_generation, rational_engineering_lifecycle_manager, rational_quality_manager, rational_rhapsody_design_manager, rational_software_architect_design_manager, rational_team_concert) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1191

A vulnerability has been identified in the following Siemens products: RUGGEDCOM ROS for RSL910 devices: All versions < ROS v5.0.1, RUGGEDCOM ROS for all other devices: All versions < ROS v4.3.4, SCALANCE XB-200/XC-200/XP-200/XR300-WG: All versions >= v3.0, SCALANCE XR-500/XM-400: All versions >= v6.1. After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions, potentially allowing users located in the adjacent network of the targeted device to perform unauthorized administrative actions.

CVE-2017-12736 (ruggedcom_ros, scalance_xb-200_firmware, scalance_xc-200_firmware, scalance_xm-400_firmware, scalance_xp-200_firmware, scalance_xr-500_firmware, scalance_xr300-wg_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12736

A vulnerability has been identified in the following Siemens industrial products: SIMATIC S7-200 Smart: All versions < V2.03.01, SIMATIC S7-400 PN V6: All versions < V6.0.6, SIMATIC S7-400 H V6: All versions < 6.0.8, SIMATIC S7-400 PN/DP V7: All versions, SIMATIC S7-410 V8: All versions, SIMATIC S7-300: All versions, SIMATIC S7-1200: All versions, SIMATIC S7-1500: All versions < 2.0, SIMATIC S7-1500 Software Controller: All versions < 2.0, SIMATIC WinAC RTX 2010 incl. F: All versions, SIMATIC ET 200AL: All versions, SIMATIC ET 200ecoPN: All versions, SIMATIC ET 200M: All versions, SIMATIC ET 200MP: All versions, SIMATIC ET 200pro: All versions, SIMATIC ET 200S: All versions, SIMATIC ET 200SP: All versions, DK Standard Ethernet Controller: All versions, EK-ERTEC 200P: All versions < V4.5, EK-ERTEC 200 PN IO: All versions, SIMOTION D: All versions < V5.1 HF1, SIMOTION C: All versions < V5.1 HF1, SIMOTION P: All versions < V5.1 HF1, SINAMICS DCM: All versions, SINAMICS DCP: All versions, SINAMICS G110M / G120(C/P/D) w. PN: All versions < V4.7 SP9 HF1, SINAMICS G130 and G150: All versions, SINAMICS S110 w. PN: All versions, SINAMICS S120: All versions, SINAMICS S150 V4.7 and V4.8: All versions, SINAMICS V90 w. PN: All versions, SINUMERIK 840D sl: All versions, SIMATIC Compact Field Unit: All versions, SIMATIC PN/PN Coupler: All versions, SIMOCODE pro V PROFINET: All versions, SIRIUS Soft starter 3RW44 PN: All versions. Specially crafted packets sent to port 161/UDP could cause a Denial-of-Service condition. The affected devices must be restarted manually.

CVE-2017-12741 (dk_standard_ethernet_controller_firmware, ek-ertec_200p_firmware, ek-ertec_200pn_io_firmware, simatic_compact_field_unit_firmware, simatic_et_200al_firmware, simatic_et_200ecopn_firmware, simatic_et_200m_firmware, simatic_et_200mp_firmware, simatic_et_200pro_firmware, simatic_et_200s_firmware, simatic_et_200sp_firmware, simatic_pn/pn_coupler_firmware, simatic_s7-1200_firmware, simatic_s7-1500_controller_firmware, simatic_s7-1500_firmware, simatic_s7-200_firmware, simatic_s7-300_firmware, simatic_s7-400h_v6_firmware, simatic_s7-400pn/dp_v7_firmware, simatic_s7-400pn_v6_firmware, simatic_s7-410_v8_firmware, simatic_winac_rtx_f_2010_firmware, simocode_pro_v_profinet_firmware, simotion_c_firmware, simotion_d_firmware, simotion_p_firmware, sinamics_dcm_firmware, sinamics_dcp_firmware, sinamics_g110m/g120pn_firmware, sinamics_g130_firmware, sinamics_g150_firmware, sinamics_s110pn_firmware, sinamics_s120_firmware, sinamics_s150_v4.7_firmware, sinamics_s150_v4.8_firmware, sinamics_v90pn_firmware, sinumerik_840d_sl_firmware, sirius_soft_starter_3rw44pn_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12741

PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.

CVE-2017-12810 (phpjabbers_newsletter_script) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12810

PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.

CVE-2017-12811 (phpjabbers_star_rating_script) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12811

PHPJabbers Night Club Booking Software has stored XSS in the name parameter in the reservations tab.

CVE-2017-12812 (phpjabbers_night_club_booking_software) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12812

PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.

CVE-2017-12813 (phpjabbers_file_sharing_script) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12813

In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964.

CVE-2017-13176 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13176

In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413.

CVE-2017-13177 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13177

In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281.

CVE-2017-13178 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13178

In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193.

CVE-2017-13179 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13179

In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349.

CVE-2017-13180 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13180

In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232.

CVE-2017-13181 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13181

In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022.

CVE-2017-13182 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13182

In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127.

CVE-2017-13183 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13183

In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324.

CVE-2017-13184 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13184

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471.

CVE-2017-13185 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13185

A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716.

CVE-2017-13186 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13186

An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175.

CVE-2017-13187 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13187

An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786.

CVE-2017-13188 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13188

A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072.

CVE-2017-13189 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13189

A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873.

CVE-2017-13190 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13190

In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403.

CVE-2017-13191 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13191

In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202.

CVE-2017-13192 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13192

In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319.

CVE-2017-13193 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13193

A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201.

CVE-2017-13194 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13194

In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.

CVE-2017-13195 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13195

In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067.

CVE-2017-13196 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13196

In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973.

CVE-2017-13197 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13197

A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117.

CVE-2017-13198 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13198

In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679.

CVE-2017-13199 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13199

An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526.

CVE-2017-13200 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13200

An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768.

CVE-2017-13201 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13201

An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856.

CVE-2017-13202 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13202

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634.

CVE-2017-13203 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13203

An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237.

CVE-2017-13204 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13204

An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583.

CVE-2017-13205 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13205

An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048.

CVE-2017-13206 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13206

An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426.

CVE-2017-13207 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13207

In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440.

CVE-2017-13208 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13208

In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907.

CVE-2017-13209 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13209

In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345.

CVE-2017-13210 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13210

In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158.

CVE-2017-13211 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13211

An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985.

CVE-2017-13212 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13212

An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501.

CVE-2017-13213 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13213

In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900.

CVE-2017-13214 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13214

An elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.

CVE-2017-13215 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13215

In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.

CVE-2017-13216 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13216

In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077.

CVE-2017-13217 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13217

Access to CNTVCT_EL0 could be used for side channel attacks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68266545.

CVE-2017-13218 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13218

A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865.

CVE-2017-13219 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13219

An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053.

CVE-2017-13220 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13220

An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938.

CVE-2017-13221 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13221

An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.

CVE-2017-13222 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13222

In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789.

CVE-2017-13225 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13225

An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184.

CVE-2017-13226 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13226

An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path.

CVE-2017-14030 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14030

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.

CVE-2017-14101 (conserus_image_repository) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14101

An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.

CVE-2017-14385 (data_domain, data_domain_os) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14385

Bamboo did not check that the name of a branch in a Mercurial repository contained argument parameters. An attacker who has permission to create a repository in Bamboo, edit an existing plan that has a non-linked Mercurial repository, create or edit a plan when there is at least one linked Mercurial repository that the attacker has permission to use, or commit to a Mercurial repository used by a Bamboo plan which has branch detection enabled can execute code of their choice on systems that run a vulnerable version of Bamboo Server. Versions of Bamboo starting with 2.7.0 before 6.1.6 (the fixed version for 6.1.x) and from 6.2.0 before 6.2.5 (the fixed version for 6.2.x) are affected by this vulnerability.

CVE-2017-14590 (bamboo) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14590

The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.

CVE-2017-14594 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14594

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613.

CVE-2017-1478 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1478

A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.

CVE-2017-15103 (enterprise_linux, heketi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15103

An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file.

CVE-2017-15104 (enterprise_linux, heketi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15104

A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().

CVE-2017-15126 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15126

A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).

CVE-2017-15127 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15127

A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).

CVE-2017-15128 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15128

AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30; AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200 V200R006C10, V200R006C13, V200R006C16, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30; AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30; SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30; SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an input validation vulnerability in Huawei multiple products. Due to the insufficient input validation, an unauthenticated, remote attacker may craft a malformed Stream Control Transmission Protocol (SCTP) packet and send it to the device, causing the device to read out of bounds and restart.

CVE-2017-15317 (ar120-s_firmware, ar1200-s_firmware, ar1200_firmware, ar150-s_firmware, ar150_firmware, ar160_firmware, ar200-s_firmware, ar200_firmware, ar2200-s_firmware, ar2200_firmware, ar3200_firmware, ar510_firmware, srg1300_firmware, srg2300_firmware, srg3300_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15317

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547.

CVE-2017-1557 (websphere_mq) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1557

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file.

CVE-2017-15613 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15613

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-outif variable in the pptp_client.lua file.

CVE-2017-15614 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15614

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file.

CVE-2017-15615 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15615

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the phddns.lua file.

CVE-2017-15616 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15616

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file.

CVE-2017-15617 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15617

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_client.lua file.

CVE-2017-15618 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15618

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file.

CVE-2017-15619 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15619

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmac_import.lua file.

CVE-2017-15620 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15620

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the olmode variable in the interface_wan.lua file.

CVE-2017-15621 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15621

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file.

CVE-2017-15622 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15622

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-enable variable in the pptp_server.lua file.

CVE-2017-15623 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15623

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-authtype variable in the pptp_server.lua file.

CVE-2017-15624 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15624

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-olmode variable in the pptp_client.lua file.

CVE-2017-15625 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15625

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-bindif variable in the pptp_server.lua file.

CVE-2017-15626 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15626

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-pns variable in the pptp_client.lua file.

CVE-2017-15627 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15627

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_server.lua file.

CVE-2017-15628 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15628

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-tunnelname variable in the pptp_client.lua file.

CVE-2017-15629 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15629

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file.

CVE-2017-15630 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15630

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-workmode variable in the pptp_client.lua file.

CVE-2017-15631 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15631

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.

CVE-2017-15632 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15632

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.

CVE-2017-15633 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15633

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

CVE-2017-15634 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15634

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.

CVE-2017-15635 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15635

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.

CVE-2017-15636 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15636

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.

CVE-2017-15637 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15637

In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.

CVE-2017-16355 (phusion_passenger) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16355

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557.

CVE-2017-1664 (security_key_lifecycle_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1664

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559.

CVE-2017-1665 (security_key_lifecycle_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1665

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636.

CVE-2017-1669 (security_key_lifecycle_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1669

A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands.

CVE-2017-16716 (webaccess) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16716

A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CVE-2017-16717 (levi_studio_hmi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16717

A Path Traversal issue was discovered in WebAccess versions prior to 8.3. An attacker has access to files within the directory structure of the target device.

CVE-2017-16720 (webaccess) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16720

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack.

CVE-2017-16724 (webaccess) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16724

A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible.

CVE-2017-16725 (ahb7004t-g-v4_firmware, ahb7004t-gl-v4_firmware, ahb7004t-gs-v3_firmware, ahb7004t-h-v2_firmware, ahb7004t-lm-v3_firmware, ahb7004t-lme-v3_firmware, ahb7004t-mh-v2_firmware, ahb7004t-mh-v3_firmware, ahb7008f2-g-v4_firmware, ahb7008f2-h_firmware, ahb7008f4-g-v4_firmware, ahb7008f4-h_firmware, ahb7008f8-g-v4_firmware, ahb7008f8-h_firmware, ahb7008t-gl-v4_firmware, ahb7008t-gs-v3_firmware, ahb7008t-h-v2_firmware, ahb7008t-lm-v2_firmware, ahb7008t-lm-v3_firmware, ahb7008t-lme-v3_firmware, ahb7008t-mh-v2_firmware, ahb7008t-mh-v3_firmware, ahb7008t4-h-v2, ahb7008t4-h-v2_firmware, ahb7016f2-gl-v4_firmware, ahb7016f4-gl-v4_firmware, ahb7016f8-gl-v4_firmware, ahb7016f8-gs-v3_firmware, ahb7016t-gs-v3_firmware, ahb7016t-lm-v2_firmware, ahb7016t-lm-v3_firmware, ahb7016t-lme-v3_firmware, ahb7016t-mh-v2_firmware, ahb7016t-mh-v3_firmware, ahb7016t4-gs-v3_firmware, ahb7016t4-mh-v2_firmware, ahb7032f2-gs-v3_firmware, ahb7032f2-lm-v3_firmware, ahb7032f4-gs-v3_firmware, ahb7032f4-lm-v2_firmware, ahb7032f4-lm-v3_firmware, ahb7032f8-gs-v3_firmware, ahb7032f8-lm-v2_firmware, ahb7804r-lm-v3_firmware, ahb7804r-lms-v3_firmware, ahb7804r-mh-v3_firmware, ahb7804r-ms-v3_firmware, ahb7808r-lm-v3_firmware, ahb7808r-mh-v3_firmware, ahb7808r-ms-v3_firmware, ipg-50h10pe-s_firmware, ipg-50h10pe-sl_firmware, ipg-50h10pe-wk-2f_firmware, ipg-50h10pe-wk_firmware, ipg-50h10pe-wp_firmware, ipg-50h10pl-ae_firmware, ipg-50h10pl-b_firmware, ipg-50h10pl-p_firmware, ipg-50h10pl-r_firmware, ipg-50h10pl-s_firmware, ipg-50h20pt-s_firmware, ipg-50hv10pt-a_firmware, ipg-50hv10pt-s_firmware, ipg-50hv10pt-wp_firmware, ipg-50hv10pv-a_firmware, ipg-50hv10pv-s_firmware, ipg-50hv20pes-s_firmware, ipg-50hv20pet-a_firmware, ipg-50hv20pet-s_firmware, ipg-50hv20psa-s_firmware, ipg-50hv20psb-a_firmware, ipg-50hv20psb-s_firmware, ipg-50x10pe-s_firmware, ipg-50x10pt-s_firmware, ipg-52h10pl-b_firmware, ipg-52h10pl-p_firmware, ipg-53h10pe-s_firmware, ipg-53h13p-ae_firmware, ipg-53h13p-b_firmware, 
ipg-53h13p-p_firmware, ipg-53h13p-s_firmware, ipg-53h13pe-s_firmware, ipg-53h13pe-wk-4f_firmware, ipg-53h13pe-wk_firmware, ipg-53h13pe-wp_firmware, ipg-53h13pes-s_firmware, ipg-53h13pes-sl_firmware, ipg-53h13pet-s_firmware, ipg-53h13pl-ae_firmware, ipg-53h13pl-b_firmware, ipg-53h13pl-p_firmware, ipg-53h13pl-r_firmware, ipg-53h13pl-s_firmware, ipg-53h13pls-s_firmware, ipg-53h20pl-ae_firmware, ipg-53h20pl-b_firmware, ipg-53h20pl-p_firmware, ipg-53h20pl-s_firmware, ipg-53h20py-s_firmware, ipg-53hv13pa-a_firmware, ipg-53hv13pa-s_firmware, ipg-53hv13pa-wp_firmware, ipg-53hv13pt-s_firmware, ipg-53x13pa-s_firmware, ipg-53x13pe-s_firmware, ipg-53x13pt-s_firmware, ipg-54h13pe-s_firmware, ipg-54h20pl-s_firmware, ipg-80h20pt-a_firmware, ipg-80h20pt-s_firmware, ipg-80he20ps-s_firmware, ipg-83h20pa-a_firmware, ipg-83h20pa-s_firmware, ipg-83h20pl-b_firmware, ipg-83h20pl-p_firmware, ipg-83h40af_firmware, ipg-83h40pl-b_firmware, ipg-83h40pl-p_firmware, ipg-83h50p-b_firmware, ipg-83h50p-p_firmware, ipg-hp500nr-s_firmware, ipm-50h10pe-o(r)_firmware, ipm-50h10pe-wr_firmware, ipm-50h10pe-wrc_firmware, ipm-50h10pe-wrm_firmware, ipm-50hv10pt-wr_firmware, ipm-50hv20pe-wr_firmware, ipm-50v10pl-wr_firmware, ipm-50v10pl-wrc_firmware, ipm-53h13pe-wr_firmware, ipm-53h13pe-wrc_firmware, ipm-53h13pe-wrm_firmware, ipm-53hv13pe-wr_firmware, ipm-53v13pl-wr_firmware, ivg-hp203y-ae_firmware, ivg-hp203y-se_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16725

An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash.

CVE-2017-16728 (webaccess) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16728

An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol. An attacker could exploit the vulnerability by sniffing local network traffic, allowing the discovery of authentication credentials.

CVE-2017-16731 (ellipse) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16731

A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address.

CVE-2017-16732 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16732

An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows a remote attacker to upload arbitrary files.

CVE-2017-16736 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16736

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.

CVE-2017-16737 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16737

An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.

CVE-2017-16739 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16739

An Information Exposure issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to use Monitor Mode on the device to read diagnostic information.

CVE-2017-16741 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16741

An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.

CVE-2017-16743 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16743

An Improper Input Validation issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows some inputs that may cause the program to crash.

CVE-2017-16753 (webaccess) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16753

IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.15) could allow a local attacker to obtain sensitive information, caused by improper handling of application requests, which could allow unauthorized access to read a file. IBM X-Force ID: 134003.

CVE-2017-1681 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1681

RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to rgw/rgw_iam_policy.cc, rgw/rgw_basic_types.h, and rgw/rgw_iam_types.h.

CVE-2017-16818 (ceph, fedora) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16818

The IncomingMailServers resource in Atlassian Jira before version 7.6.2 allows remote attackers to modify the "incoming mail" whitelist setting via a Cross-site request forgery (CSRF) vulnerability.

CVE-2017-16862 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16862

The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter.

CVE-2017-16864 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16864

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes the version of the device, the firmware ID, the users connected to the device along with their MAC addresses, etc.

CVE-2017-16885 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16885

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services via CSRF can result in an unauthorized change of username or password of the administrator of the portal.

CVE-2017-16886 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16886

The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password.

CVE-2017-16887 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16887

An issue was discovered in the AccessKeys AccessPress Anonymous Post Pro plugin through 3.1.9 for WordPress. Improper input sanitization allows the attacker to override the settings for allowed file extensions and upload file size, related to inc/cores/file-uploader.php and file-uploader/file-uploader-class.php. This allows the attacker to upload anything they want to the server, as demonstrated by an action=ap_file_upload_action&allowedExtensions[]=php request to /wp-admin/admin-ajax.php that results in a .php file upload and resultant PHP code execution.

CVE-2017-16949 (anonymous_post_pro) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16949

IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391.

CVE-2017-1699 (websphere_mq) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1699

Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2017-17010 (content_manager_assistant) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17010

custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.

CVE-2017-17089 (webmin) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17089

Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.

CVE-2017-17105 (pr115-204-p-rs_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17105

Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be obtained by an unauthenticated remote attacker using a standard web /cgi-bin/hi3510/param.cgi?cmd=getuser HTTP request. This vulnerability exists because of a lack of authentication checks in requests to CGI pages.

CVE-2017-17106 (pr115-204-p-rs_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17106

Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.

CVE-2017-17107 (pr115-204-p-rs_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17107

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

CVE-2017-1727 (security_key_lifecycle_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1727

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.

CVE-2017-17382 (application_delivery_controller_firmware, netscaler_gateway_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17382

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134921.

CVE-2017-1739 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1739

IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134922.

CVE-2017-1740 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1740

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

CVE-2017-17476 (debian_linux, otrs) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17476

MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.

CVE-2017-17537 (routerboard) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17537

Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.

CVE-2017-17649 (readymade_video_sharing_script) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17649

In Octopus Deploy before 4.1.3, the machine update process doesn't check that the user has access to all environments. This allows an access-control bypass because the set of environments to which a machine is scoped may include environments in which the user lacks access.

CVE-2017-17665 (octopus_deploy) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17665

An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response.

CVE-2017-17761 (athome_ip_camera_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17761

SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.

CVE-2017-17763 (superbeam) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17763

Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.

CVE-2017-17777 (paid_to_read_script) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17777

In Horde Groupware through 5.2.22, SQL Injection exists via the group parameter to /services/prefs.php or the homePostalCode parameter to /turba/search.php.

CVE-2017-17781 (groupware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17781

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.

CVE-2017-17790 (ruby) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17790

Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read backup archives on Windows servers, by providing the archiv~1.zip name (aka an 8.3 filename).

CVE-2017-17793 (blogotext) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17793

An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.

CVE-2017-17840 (open-iscsi) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17840

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.

CVE-2017-17849 (getgo_download_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17849

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file.

CVE-2017-17859 (internet_browser) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17859

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

CVE-2017-17870 (jbuildozer) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17870

Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI.

CVE-2017-17874 (marketplace_digital_products_php) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17874

An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting).

CVE-2017-17878 (steam_link_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17878

ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.

CVE-2017-17901 (p-660hw_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17901

On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices.

CVE-2017-17910 (hs5-868-bs_firmware, hse1-868-bs_firmware, hse2-868-bs_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17910

packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.

CVE-2017-17911 (archon) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17911

cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.

CVE-2017-17933 (surgeftp) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17933

A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.

CVE-2017-17968 (nettransport_download_manager) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17968

Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php.

CVE-2017-17970 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17970

The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS.

CVE-2017-17971 (dolibarr) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17971

In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL pointer and crashes. This was addressed in epan/dissectors/packet-mrdisc.c by validating an IPv4 address. This vulnerability is similar to CVE-2017-9343.

CVE-2017-17997 (wireshark) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17997

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.

CVE-2017-18004 (zurmo_crm) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18004

In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.

CVE-2017-18009 (opencv) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18009

The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.

CVE-2017-18012 (z-url_preview) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18012

In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.

CVE-2017-18013 (libtiff) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18013

An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option "Web Server Protection") in the webadmin interface, and execute any action available to the webadmin of the firewall (e.g., creating a new user, enabling SSH, or adding an SSH authorized key). The WAF log page will execute the "User-Agent" parameter in the HTTP POST request.

CVE-2017-18014 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18014

Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin).

CVE-2017-18016 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18016

In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.

CVE-2017-18022 (imagemagick) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18022

In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.

CVE-2017-18027 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18027

In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file.

CVE-2017-18028 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18028

In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.

CVE-2017-18029 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18029

The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.

CVE-2017-18032 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18032

Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents being extracted from a specially crafted ZIP64 archive.

CVE-2017-2158 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2158

PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.

CVE-2017-3196 (rawether) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3196

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CVE-2017-4933 (esxi, fusion, workstation_pro) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4933

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CVE-2017-4941 (esxi, fusion, workstation_pro) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4941

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.

CVE-2017-4943 (vcenter_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4943

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

CVE-2017-4949 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4949

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.

CVE-2017-4950 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-4950

Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such behaviors. One vector in the Java standard library exists that allows an attacker to trigger possibly further exploitable Java deserialization of untrusted data. Other known vectors in third party libraries can be used to trigger remote code execution.

CVE-2017-5641 (flex_blazeds) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5641

In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query.

CVE-2017-5663 (fineract) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5663

CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2.

CVE-2017-6094 (gaps) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6094

A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By sniffing communications, an unauthorized person can execute a directory traversal attack resulting in authentication bypass or session hijack.

CVE-2017-9964 (pelco_videoxpert) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9964

A Path Traversal issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. Using a directory traversal attack, an unauthorized person can view web server files.

CVE-2017-9965 (pelco_videoxpert) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9965

An Improper Access Control issue was discovered in Schneider Electric Pelco VideoXpert Enterprise all versions prior to 2.1. By replacing certain files, an authorized user can obtain system privileges and the inserted code would execute at an elevated privilege level.

CVE-2017-9966 (pelco_videoxpert) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9966

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the web-based management interface to click a link that is designed to submit malicious input to the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the targeted device. Cisco Bug IDs: CSCvg51264.

CVE-2018-0118 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0118

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD.

CVE-2018-0486 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0486

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".

CVE-2018-0743 (windows_10, windows_server_1709) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0743

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

CVE-2018-0744 (windows_10, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0744

The Windows kernel in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.

CVE-2018-0745 (windows_10, windows_server_1709) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0745

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747.

CVE-2018-0746 (windows_10, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0746

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746.

CVE-2018-0747 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2008, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0747

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability".

CVE-2018-0748 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2008, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0748

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".

CVE-2018-0749 (windows_10, windows_7, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2008, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0749

The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

CVE-2018-0750 (windows_7, windows_server_2008) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0750

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752.

CVE-2018-0751 (windows_10, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0751

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.

CVE-2018-0752 (windows_10, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0752

Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability".

CVE-2018-0753 (windows_10, windows_8.1, windows_rt_8.1, windows_server_1709, windows_server_2012, windows_server_2016) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0753

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781.

CVE-2018-0778 (chakracore, edge) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0778

Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.

CVE-2018-0800 (chakracore, edge) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0800

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 137158.

CVE-2018-1361 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1361

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter.

CVE-2018-5075 (advanced_real_estate_script) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5075

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.

CVE-2018-5079 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5079

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.

CVE-2018-5080 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5080

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F0.

CVE-2018-5081 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5081

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002128.

CVE-2018-5082 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5082

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215B.

CVE-2018-5083 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5083

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C.

CVE-2018-5084 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5084

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002124.

CVE-2018-5085 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5085

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300215F.

CVE-2018-5086 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5086

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002100.

CVE-2018-5087 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5087

In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300211C.

CVE-2018-5088 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5088

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.

CVE-2018-5189 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5189

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.

CVE-2018-5212 (simple_download_monitor) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5212

The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.

CVE-2018-5213 (simple_download_monitor) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5213

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.

CVE-2018-5215 (fork_cms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5215

Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.

CVE-2018-5216 (radiant_cms) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5216

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578.

CVE-2018-5217 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5217

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0.

CVE-2018-5218 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5218

In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168.

CVE-2018-5219 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5219

In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610.

CVE-2018-5220 (antivirus) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5220

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.

CVE-2018-5246 (imagemagick) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5246

In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.

CVE-2018-5247 (imagemagick) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5247

In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.

CVE-2018-5248 (imagemagick) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5248

A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.

CVE-2018-5262 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5262

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php.

CVE-2018-5315 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5315

Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.

CVE-2018-5326 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5326

Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.

CVE-2018-5327 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5327

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details.

CVE-2018-5328 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5328

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

CVE-2018-5329 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5329

In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

CVE-2018-5332 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5332

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

CVE-2018-5333 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5333

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.

CVE-2018-5334 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5334

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.

CVE-2018-5335 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5335

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.

CVE-2018-5336 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5336

In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.

CVE-2018-5344 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5344

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

CVE-2018-5345 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5345

Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.

CVE-2018-5347 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5347

ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.

CVE-2018-5357 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5357

ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.

CVE-2018-5358 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5358

LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.

CVE-2018-5360 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5360

The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.

CVE-2018-5361 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5361

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.

CVE-2018-5362 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5362

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php.

CVE-2018-5363 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5363

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.

CVE-2018-5364 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5364

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php.

CVE-2018-5365 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5365

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.

CVE-2018-5366 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5366

The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.

CVE-2018-5367 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5367

The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.

CVE-2018-5368 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5368

The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.

CVE-2018-5369 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5369

diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.

CVE-2018-5371 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5371

The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).

CVE-2018-5372 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5372

The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter).

CVE-2018-5373 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5373

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).

CVE-2018-5374 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5374

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.

CVE-2018-5375 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5375

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.

CVE-2018-5376 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5376

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.

CVE-2018-5377 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5377

FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. The affected function is its search engine via the search parameter to the default URI. Since there is a user/admin login interface, it's possible for attackers to steal sessions of users and thus admin(s). By sending users an infected URL, code will be executed.

CVE-2018-5479 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5479

In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the unzip_match function in runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file.

CVE-2018-5650 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5650

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter.

CVE-2018-5651 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5651

An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter.

CVE-2018-5652 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5652

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter.

CVE-2018-5653 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5653

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter.

CVE-2018-5654 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5654

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter.

CVE-2018-5655 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5655

An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. CSRF exists via wp-admin/admin-ajax.php.

CVE-2018-5656 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5656

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title_icon parameter.

CVE-2018-5657 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5657

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. CSRF exists via wp-admin/admin.php.

CVE-2018-5658 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5658

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_title parameter.

CVE-2018-5659 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5659

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php coming-soon_sub_title parameter.

CVE-2018-5660 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5660

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_width parameter.

CVE-2018-5661 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5661

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php counter_title parameter.

CVE-2018-5662 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5662

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php button_text_link parameter.

CVE-2018-5663 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5663

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php social_icon_1 parameter.

CVE-2018-5664 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5664

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php logo_height parameter.

CVE-2018-5665 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5665

An issue was discovered in the responsive-coming-soon-page plugin 1.1.18 for WordPress. XSS exists via the wp-admin/admin.php bg_color parameter.

CVE-2018-5666 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5666

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter.

CVE-2018-5667 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5667

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter.

CVE-2018-5668 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5668

An issue was discovered in the read-and-understood plugin 2.1 for WordPress. CSRF exists via wp-admin/options-general.php.

CVE-2018-5669 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5669

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter.

CVE-2018-5670 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5670

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter.

CVE-2018-5671 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5671

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter.

CVE-2018-5672 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5672

An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php.

CVE-2018-5673 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5673

PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages > Edit page" screen.

CVE-2018-5681 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5681

PrestaShop 1.7.2.4 allows user enumeration via the Reset Password feature, by noticing which reset attempts do not produce a "This account does not exist" error message.

CVE-2018-5682 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5682

In Libav through 12.2, there is an invalid memcpy call in the ff_mov_read_stsd_entries function of libavformat/mov.c. Remote attackers could leverage this vulnerability to cause a denial of service (segmentation fault) and program failure with a crafted avi file.

CVE-2018-5684 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5684

In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value.

CVE-2018-5685 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5685

In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.

CVE-2018-5686 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5686

NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.

CVE-2018-5687 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5687

ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component.

CVE-2018-5688 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5688

Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email.

CVE-2018-5689 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5689

Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the nb parameter (aka the page limit number).

CVE-2018-5690 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5690

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.

CVE-2018-5691 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5691

Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file.

CVE-2018-5692 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5692

The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.

CVE-2018-5693 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5693

The callforward module in User Control Panel (UCP) in Nicolas Gudino (aka Asternic) Flash Operator Panel (FOP) 2.31.03 allows remote authenticated users to execute arbitrary commands via the command parameter.

CVE-2018-5694 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5694

The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php.

CVE-2018-5695 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5695

The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection via the `advertiser_status` and `status_select` parameters to index.php.

CVE-2018-5696 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5696

Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to admin_kb_art.php or the order parameter to admin_jr_admin.php, related to functions_kb.php.

CVE-2018-5697 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5697

libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.

CVE-2018-5698 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5698

Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.

CVE-2018-5700 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5700

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

CVE-2018-5702 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5702

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.

CVE-2018-5703 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5703

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

CVE-2018-5704 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5704

An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission.

CVE-2018-5706 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5706

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

CVE-2018-5709 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5709

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

CVE-2018-5710 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5710

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx.

CVE-2018-5711 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5711

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

CVE-2018-5712 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5712
