SB17-317: Vulnerability Summary for the Week of November 6, 2017

Original release date: November 13, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

graphicsmagick — graphicsmagick
  The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does not properly validate colormapped images, which allows remote attackers to cause a denial of service (ImportIndexQuantumType invalid write and application crash) or possibly have unspecified other impact via a malformed WPG image.
  Published: 2017-11-05 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-16545 (CONFIRM, CONFIRM)

graphicsmagick — graphicsmagick
  The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does not properly look for pop keywords that are associated with push keywords, which allows remote attackers to cause a denial of service (negative strncpy and application crash) or possibly have unspecified other impact via a crafted file.
  Published: 2017-11-06 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-16547 (CONFIRM, CONFIRM)

imagemagick — imagemagick
  The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.
  Published: 2017-11-05 | CVSS Score: 6.8 | Source & Patch Info: CVE-2017-16546 (CONFIRM, CONFIRM, CONFIRM)

Low Vulnerabilities

There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

abb — fox515t
  An Improper Input Validation issue was discovered in ABB FOX515T release 1.0. An improper input validation vulnerability has been identified, allowing a local attacker to provide a malicious parameter to the script that is not validated by the application. This could enable the attacker to retrieve any file on the server.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14025 (BID, MISC)

advantech — webaccess
  An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A remote attacker is able to execute code to dereference a pointer within the program causing the application to become unavailable.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12719 (BID, MISC)

advantech — webaccess
  A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. The application lacks proper validation of the length of user-supplied data prior to copying it to a stack-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14016 (BID, MISC)

asterisk — open_source_certified_asterisk
  A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16671 (CONFIRM, BID, CONFIRM)

asterisk — open_source_certified_asterisk
  An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16672 (CONFIRM, BID, CONFIRM)

avaya — ip_office_contact_center
  Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12969 (CONFIRM, MISC, MISC, FULLDISC, BID, EXPLOIT-DB)

avaya — ip_office
  Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11309 (CONFIRM, MISC, MISC, BID, EXPLOIT-DB)

backintime — backintime
  backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the ‘notify-send’ command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16667 (CONFIRM, CONFIRM, CONFIRM)

bludit — bludit
  In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via editor is GET. To save the editor context, the followup POST method request must be processed to perform the attack via the application side. The basic validation of the editor does not allow injecting script codes and blocks the context. Attackers can inject the code by using an editor tag that is not recognized by the basic validation. This allows a restricted user account to inject malicious script code to perform a persistent attack against higher privilege web-application user accounts.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16636 (MISC)

bolt_technology — bolt
  Bolt before 3.3.6 does not properly restrict access to _profiler routes, related to EventListener/ProfilerListener.php and Provider/EventListenerServiceProvider.php.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16754 (BID, MISC, MISC)

brother — debut_software
  The Debut embedded http server 1.20 contains a remotely exploitable denial of service where a single malformed HTTP request can cause the server to hang until eventually replying with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic. NOTE: this might overlap CVE-2017-12568.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16249 (MISC, EXPLOIT-DB)

cacti — cacti
  Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16660 (MISC)

cacti — cacti
  Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16661 (MISC)

cacti — cacti
  Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16785 (MISC)

cacti — cacti
  lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16641 (CONFIRM)

cesanta — mongoose
  An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2892 (MISC)

cesanta — mongoose
  An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of a previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2891 (MISC)

cesanta — mongoose
  An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2922 (MISC)

cesanta — mongoose
  An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2921 (MISC)

cesanta — mongoose
  An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2895 (MISC)

cesanta — mongoose
  An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2893 (MISC)

cesanta — mongoose
  An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2894 (MISC)

cesanta — mongoose
  An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2909 (MISC)

cms_made_simple — cms_made_simple
  In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16784 (MISC)

cms_made_simple — cms_made_simple
  In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16783 (MISC)

confire — confire
  An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from “~/.confire.yaml” using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16763 (MISC)

cumulus_networks — linux
  bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15865 (CONFIRM, CONFIRM, CONFIRM, CONFIRM)

d-link — dwr-933_device
  XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16765 (MISC)

datto — backup_agent
  Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to “pair” with the agent and issue requests to this agent, if the attacker can reach the agent on TCP port 25566 or 25568, and send unspecified “specific information” by which the agent identifies a network device that is “appearing to be a valid Datto.”
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16673 (CONFIRM)

datto — windows_agent
  Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command and a secondary non-whitelisted command. This affects Datto Windows Agent (DWA) 1.0.5.0 and earlier. In other words, an attacker could combine this “primary/secondary” attack with the CVE-2017-16673 “rogue pairing” attack to achieve unauthenticated access to all agent machines running these older DWA versions.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16674 (CONFIRM)

disney — circle
  An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2916 (MISC)

disney — circle
  An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2898 (MISC)

disney — circle
  An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to set up an access point reachable by the device to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12094 (MISC)

disney — circle
  An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2913 (MISC)

disney — circle
  An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2917 (MISC)

disney — circle
  An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2911 (MISC)

disney — circle
  An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2881 (MISC)

disney — circle
  An exploitable information disclosure vulnerability exists in the apid daemon of the Circle with Disney running firmware 2.0.1. A specially crafted set of packets can make the Disney Circle dump strings from an internal database into an HTTP response. An attacker needs network connectivity to the Internet to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12083 (MISC)

disney — circle
  An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12085 (MISC)

disney — circle
  An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2914 (MISC)

disney — circle
  A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker can send an API call to enable the SSH server.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12084 (MISC)

disney — circle
  An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2912 (MISC)

disney — circle
  An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2884 (MISC)

disney — circle
  An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2889 (MISC)

disney — circle
  An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. An attacker can send a series of packets to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2864 (MISC)

disney — circle
  An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2883 (MISC)

disney — circle
  An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2866 (MISC)

disney — circle
  An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2865 (MISC)

disney — circle
  An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2882 (MISC)

disney — circle
  An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and set up an access point reachable by the device to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2915 (MISC)

disney — circle
  An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-2890 (MISC)

disney — circle
  An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to set up an Access Point reachable by the device and to send a series of spoofed “deauth” packets to trigger this vulnerability.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12096 (MISC)

django_make_app — django_make_app
  An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16764 (MISC)

docker — moby
  The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a “scsi remove-single-device” line to /proc/scsi/scsi, aka SCSI MICDROP.
  Published: 2017-11-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16539 (MISC, MISC, MISC, MISC, MISC)

drupal — drupal
  Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2015-7878 (MISC)

ffmpeg — ffmpeg
  The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15672 (CONFIRM, MLIST, BID)

forcepoint — triton_ap-email
  TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file access in an unspecified directory.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-11177 (CONFIRM)

gentoo — gentoo
  The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the “qemu” group to gain root privileges by creating a hard link in a directory on which “chown” is called recursively by the OpenRC service script.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16638 (CONFIRM)

gentoo — gentoo
  The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16659 (CONFIRM)

graphicsmagick — graphicsmagick
  coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16669 (MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC, MISC)

hashicorp — vagrant
  In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16001 (MISC)

hola — hola
  Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16757 (MISC)

home_assistant — home_assistant
  In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16782 (CONFIRM)

hpe — content_manager_workgroup_service
  A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-14360 (CONFIRM)

inedo — buildmaster
  Inedo BuildMaster before 5.8.2 has XSS.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16760 (CONFIRM, CONFIRM)

inedo — buildmaster
  In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16521 (MISC, MISC, MISC, MISC, MISC)

inedo — buildmaster
  An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16761 (CONFIRM, CONFIRM, CONFIRM)

inedo — buildmaster
  Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
  Published: 2017-11-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16520 (CONFIRM, CONFIRM, CONFIRM)

ingenious — school_management_system
  /view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the ‘friend_index’ parameter of a GET request.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16561 (EXPLOIT-DB)

inpage — inpage
  A specially crafted InPage document leads to arbitrary code execution in InPage reader.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12824 (MISC)

ipswitch — ws_ftp_professional
  Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in the local search field and the backup locations field, aka WSCLT-1729.
  Published: 2017-11-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16513 (MISC, MISC, EXPLOIT-DB)

itext — itext
  The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
  Published: 2017-11-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-9096 (BUGTRAQ, MISC)

joomla! — joomla!
  In Joomla! before 3.8.2, a bug allowed third parties to bypass a user’s 2-factor authentication method.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16634 (BID, SECTRACK, CONFIRM)

joomla! — joomla!
  In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only information about a site’s custom fields to unauthorized users.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16633 (BID, SECTRACK, CONFIRM)

kabona_ab — webdatorcentral
  A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2016-0872 (MISC)

keystonejs — keystonejs
  KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16570 (MISC, MISC, MISC)

libebml2 — libebml2
  The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12800 (MISC, FULLDISC, CONFIRM)

libebml2 — libebml2
  The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12801 (MISC, FULLDISC, CONFIRM)

libebml2 — libebml2
  The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12802 (MISC, FULLDISC, CONFIRM)

libebml2 — libebml2
  The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12783 (MISC, FULLDISC, CONFIRM)

libebml2 — libebml2
  The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12781 (MISC, FULLDISC, CONFIRM)

libebml2 — libebml2
  The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12782 (MISC, FULLDISC, CONFIRM)

libebml2 — libebml2
  The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-12780 (MISC, FULLDISC, CONFIRM)

librenms — librenms
  The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
  Published: 2017-11-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16759 (CONFIRM, CONFIRM, CONFIRM, CONFIRM)

linux — linux_kernel
  The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
  Published: 2017-11-06 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-15306 (MISC, MISC, MISC, BID, MISC)

linux — linux_kernel
  The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16650 (MISC, MISC)

linux — linux_kernel
  The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16644 (MISC, MISC)

linux — linux_kernel
  The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16643 (MISC, BID, MISC, MISC)

linux — linux_kernel
  The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16645 (BID, MISC, MISC)

linux — linux_kernel
  drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16646 (MISC, MISC)

linux — linux_kernel
  The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
  Published: 2017-11-07 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2017-16648
BID
MISC
MISC
linux — linux_kernel
 
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16647
BID
MISC
MISC
linux — linux_kernel
 
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. 2017-11-07 not yet calculated CVE-2017-16649
BID
MISC
MISC
logitech — media_server
 
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a “favorite.” 2017-11-09 not yet calculated CVE-2017-16567
EXPLOIT-DB
logitech — media_server
 
Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9.0 allows remote attackers to inject arbitrary web script or HTML via a radio URL. 2017-11-09 not yet calculated CVE-2017-16568
EXPLOIT-DB
manageengine — applications_manager
 
Zoho ManageEngine Applications Manager 13 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. 2017-11-05 not yet calculated CVE-2017-16543
MISC
EXPLOIT-DB
manageengine — applications_manager
 
Zoho ManageEngine Applications Manager 13 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request. 2017-11-05 not yet calculated CVE-2017-16542
MISC
EXPLOIT-DB
manageengine — servicedesk
 
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. 2017-11-08 not yet calculated CVE-2017-11512
MISC
manageengine — servicedesk
 
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. 2017-11-08 not yet calculated CVE-2017-11511
MISC
matroska — mkvalidator
 
The Node_GetData function in corec/corec/node/node.c in mkvalidator 0.5.1 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12779
MISC
FULLDISC
CONFIRM
metalgenix — genixcms
 
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php. 2017-11-08 not yet calculated CVE-2015-3933
CONFIRM
EXPLOIT-DB
mitrastar — gpt-2541gnac_router
 
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented. 2017-11-03 not yet calculated CVE-2017-16523
BID
MISC
EXPLOIT-DB
mkclean — mkclean
 
The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file. 2017-11-09 not yet calculated CVE-2017-12803
MISC
FULLDISC
CONFIRM
mlalchemy — mlalchemy
 
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-16615
CONFIRM
CONFIRM
MISC
mybb_group — mybb
 
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file. 2017-11-10 not yet calculated CVE-2017-16780
CONFIRM
mybb_group — mybb
 
The installer in MyBB before 1.8.13 has XSS. 2017-11-10 not yet calculated CVE-2017-16781
CONFIRM
netapp — clustered_data_ontap
 
NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow remote authenticated users to obtain sensitive cluster and tenant information via unspecified vectors, a different vulnerability than CVE-2016-3064. 2017-11-09 not yet calculated CVE-2017-5201
BID
CONFIRM
netapp — oncommand_unified_manager
 
NetApp OnCommand Unified Manager for 7-mode (core package) versions prior to 5.2.1 are susceptible to a clickjacking or “UI redress attack” which could be used to cause a user to perform an unintended action in the user interface. 2017-11-09 not yet calculated CVE-2017-11461
BID
CONFIRM
netiq — imanager
 
Multiple potential reflected XSS issues exist in NetIQ iManager versions before 2.7.7 Patch 10 HF2 and 3.0.3.2. 2017-11-06 not yet calculated CVE-2017-7425
CONFIRM
CONFIRM
CONFIRM
CONFIRM
owlmixin — owlmixin
 
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A “Load YAML” string or file (aka load_yaml or load_yamlf) can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-16618
CONFIRM
CONFIRM
MISC
perl — perl
 
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used. 2017-11-07 not yet calculated CVE-2008-7319
MISC
MISC
MISC
MISC
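The Net::Ping::External flaw is the generic shell-injection pattern: an attacker-controlled hostname is interpolated into a command string and the string is handed to a shell, so metacharacters in the "hostname" become extra commands. The following Python example is added here and is not code from Net::Ping::External or any other project on this page; it shows the vulnerable interpolation beside the hardened form, which allow-lists the hostname and passes it as a separate argv element with no shell involved. `echo` stands in for `ping` so it runs anywhere, and both hostnames are constructed samples.

```python
import re
import subprocess

# Constructed sample inputs (not taken from the advisory): one benign hostname and one
# carrying a shell metacharacter that smuggles a second command.
BENIGN_HOST = "example.com"
HOSTILE_HOST = "example.com; echo INJECTED"

# RFC 1123-style hostname: labels of letters, digits and hyphens, no leading/trailing hyphen.
# Allow-listing the shape of the value is more robust than trying to escape it.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?$"
)


def validate_hostname(host: str) -> str:
    """Return host unchanged if it looks like a hostname, else raise ValueError."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"refusing unsafe hostname: {host!r}")
    return host


def is_safe_hostname(host: str) -> bool:
    try:
        validate_hostname(host)
    except ValueError:
        return False
    return True


def vulnerable_probe(host: str) -> str:
    """Equivalent of interpolating $host into a backtick command in Perl: the whole string
    is given to /bin/sh, so ';', '|' and '$(...)' inside the hostname are interpreted.
    'echo' stands in for the real ping binary so the example runs without network access."""
    return subprocess.run(f"echo PING {host}", shell=True,
                          capture_output=True, text=True).stdout


def safe_probe(host: str) -> str:
    """Validated argument passed as its own argv element; no shell parses it."""
    return subprocess.run(["echo", "PING", validate_hostname(host)],
                          capture_output=True, text=True).stdout
```

Run `vulnerable_probe(HOSTILE_HOST)` and the output contains a second line, `INJECTED`, produced by the smuggled command; `safe_probe(HOSTILE_HOST)` refuses the value before anything executes. The allow-list also rejects hostnames beginning with `-`, which would otherwise be parsed as options by the child program even without a shell.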
php — php
 
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension’s timelib_meridian handling of ‘front of’ and ‘back of’ directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the php_parse_date function. NOTE: this is a different issue than CVE-2017-11145. 2017-11-07 not yet calculated CVE-2017-16642
CONFIRM
CONFIRM
BID
CONFIRM
CONFIRM
CONFIRM
pyanyapi — pyanyapi
 
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability. 2017-11-07 not yet calculated CVE-2017-16616
CONFIRM
CONFIRM
MISC
CONFIRM
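The MLAlchemy, OwlMixin and PyAnyAPI entries share one root cause: PyYAML's `yaml.load` with the unrestricted Loader honours `!!python/...` tags that construct arbitrary Python objects, including a call to `os.system`, as a side effect of parsing. The Python example below is added here and is not code from any of those projects; it shows the tag such a payload carries (a constructed document), a cheap pre-parse guard, and the `safe_load` call the fixes substitute, which refuses those tags with a `ConstructorError`. PyYAML is imported optionally so the guard still runs where it is not installed.

```python
import re

try:
    import yaml  # PyYAML; optional so the pre-parse guard works without it
except ImportError:
    yaml = None

# Constructed documents (not from the advisories). The first carries the PyYAML tag that
# the unrestricted Loader resolves to os.system('id') while "parsing".
MALICIOUS_DOC = "query: !!python/object/apply:os.system ['id']\n"
BENIGN_DOC = "query:\n  table: users\n  limit: 10\n"

# Short form and fully qualified form of PyYAML's python/ tag family.
PYTHON_TAG = re.compile(r"!!python/|!<tag:yaml\.org,2002:python/")


def has_python_tag(doc: str) -> bool:
    """Pre-parse check for the tags that only the unrestricted Loader knows how to build."""
    return bool(PYTHON_TAG.search(doc))


def vulnerable_load(doc: str):
    """What the affected projects did (on PyYAML 3.x, plain yaml.load(doc) behaved like this).
    Never call this on untrusted input; shown for contrast only."""
    return yaml.load(doc, Loader=yaml.Loader)


def safe_load_rejects(doc: str):
    """True if yaml.safe_load refuses the document (ConstructorError), False if it parses,
    None if PyYAML is not installed."""
    if yaml is None:
        return None
    try:
        yaml.safe_load(doc)
    except yaml.constructor.ConstructorError:
        return True
    return False


def parse_query(doc: str):
    """Parse an untrusted YAML query: pre-check the tag family, then use safe_load only.
    Returns the parsed value, or None if the document was rejected."""
    if has_python_tag(doc):
        return None
    if yaml is None:
        raise RuntimeError("PyYAML is required to parse the document")
    try:
        return yaml.safe_load(doc)
    except yaml.YAMLError:
        return None
```

`yaml.safe_load(doc)` is the same as `yaml.load(doc, Loader=yaml.SafeLoader)`. Calling `yaml.load` with no Loader argument is an error in PyYAML 6 and defaulted to `FullLoader` in 5.x, which has had tag bypasses of its own; for data from outside the trust boundary, `SafeLoader` is the only loader to use.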
red_hat — enterprise_linux
 
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. 2017-11-08 not yet calculated CVE-2017-15087
BID
CONFIRM
red_hat — enterprise_linux
 
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. 2017-11-08 not yet calculated CVE-2017-15086
BID
CONFIRM
red_hat — enterprise_linux
 
It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. 2017-11-08 not yet calculated CVE-2017-15085
BID
CONFIRM
red_hat — multiple_products
 
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. 2017-11-09 not yet calculated CVE-2015-7501
BID
SECTRACK
SECTRACK
SECTRACK
SECTRACK
CONFIRM
CONFIRM
CONFIRM
CONFIRM
remobjects — remobjects
 
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL. 2017-11-08 not yet calculated CVE-2017-16665
CONFIRM
roundcube — roundcube
 
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host’s filesystem, including configuration files, as exploited in the wild in November 2017. The attacker must be able to authenticate at the target system with a valid username/password as the attack requires an active session. The issue is related to file-based attachment plugins and _task=settings&_action=upload-display&_from=timezone requests. 2017-11-09 not yet calculated CVE-2017-16651
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
rsync — rsync
 
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon. 2017-11-06 not yet calculated CVE-2017-16548
CONFIRM
CONFIRM
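The rsync entry is a length-versus-terminator mismatch: the name arrives with an explicit length, but later code treats it as a NUL-terminated C string, so a name whose last byte is not '\0' makes the string scan run past the declared bytes and into whatever follows on the heap. The Python example below is added here and is not rsync's code; it uses a simplified, constructed wire format (u32 length, name bytes, u32 length, value bytes) rather than rsync's real protocol, and contrasts the missing check with a strlen-style scan that records when it reads beyond the declared name.

```python
import struct


def encode_xattr(name: bytes, value: bytes, terminate: bool = True) -> bytes:
    """Constructed wire format (not rsync's): u32 name length, name bytes that are supposed
    to end in NUL, u32 value length, value bytes. terminate=False builds the malformed case."""
    wire_name = name + (b"\0" if terminate else b"")
    return (struct.pack("!I", len(wire_name)) + wire_name
            + struct.pack("!I", len(value)) + value)


def read_c_string(buf: bytes, start: int, end: int):
    """Emulates strlen()-style use of the name: scan for NUL with no regard for the declared
    length. Returns (name, overread); overread is True when the NUL was found at or beyond
    the declared end. Raises IndexError when the scan leaves the buffer entirely."""
    nul = buf.find(b"\0", start)
    if nul == -1:
        raise IndexError(f"heap over-read: no NUL between offset {start} and buffer end {len(buf)}")
    return buf[start:nul], nul >= end


def parse_xattrs(buf: bytes, strict: bool = True):
    """Decode entries. strict=True enforces the missing check (last name byte must be NUL);
    strict=False reproduces the unsafe behaviour so the over-read is visible."""
    entries, off = [], 0
    while off < len(buf):
        (name_len,) = struct.unpack_from("!I", buf, off)
        off += 4
        if off + name_len > len(buf):
            raise ValueError("truncated name")
        if strict:
            if name_len == 0 or buf[off + name_len - 1] != 0:
                raise ValueError("xattr name is not NUL-terminated")
            name = buf[off:off + name_len - 1]
        else:
            name, overread = read_c_string(buf, off, off + name_len)
            if overread:
                # Real code has already read past the allocation by this point; we just mark it.
                name += b"<overread>"
        off += name_len
        (value_len,) = struct.unpack_from("!I", buf, off)
        off += 4
        if off + value_len > len(buf):
            raise ValueError("truncated value")
        entries.append((name, buf[off:off + value_len]))
        off += value_len
    return entries


def strict_rejects(buf: bytes) -> bool:
    try:
        parse_xattrs(buf, strict=True)
    except ValueError:
        return True
    return False


def lenient_overreads(buf: bytes) -> bool:
    """True if the strlen-style parser runs off the end of the buffer."""
    try:
        parse_xattrs(buf, strict=False)
    except IndexError:
        return True
    return False


# Constructed samples: a well-formed entry, the same entry without its NUL, and a name with
# no NUL anywhere after it (the scan has nothing to stop on).
GOOD = encode_xattr(b"user.comment", b"hello")
BAD = encode_xattr(b"user.comment", b"hello", terminate=False)
NO_NUL_AT_ALL = struct.pack("!I", 4) + b"abcd"
```

With `BAD`, the lenient parser's scan only stops because the next length field happens to contain a zero byte; with `NO_NUL_AT_ALL` it runs off the buffer, which is the crash the advisory describes. The strict parser refuses both before any string operation touches the name.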
sam2p — sam2p
 
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because “width * height” multiplications occur unsafely. 2017-11-08 not yet calculated CVE-2017-16663
CONFIRM
samsung — srn-1670d
 
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: ‘network_ssl_upload.php’ allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI. 2017-11-06 not yet calculated CVE-2017-16524
MISC
sanic — sanic
 
Sanic before 0.5.1 allows reading arbitrary files with directory traversal, as demonstrated by the /static/..%2f substring. 2017-11-10 not yet calculated CVE-2017-16762
CONFIRM
CONFIRM
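The Sanic entry, like the ManageEngine ServiceDesk `download-file` and `download-snapshot` entries above, is path traversal: either the containment check runs on the URL before percent-decoding, so `..%2f` is not recognised as `../`, or there is no containment check at all. The Python example below is added here and is not Sanic's or ManageEngine's code. It resolves a request path under a static root by decoding first, refusing double-encoded and NUL-bearing paths, and then confirming that the real path is still inside the root. `STATIC_ROOT` is an assumed directory and the request paths are constructed.

```python
import os
from urllib.parse import unquote

STATIC_ROOT = "/srv/app/static"  # assumed document root for the example


def resolve_static(root: str, url_path: str) -> str:
    """Map the part of the URL after /static/ to a filesystem path, or raise ValueError if it
    would escape root. Decoding happens before any check, so %2f and %2e cannot hide '..'."""
    decoded = unquote(url_path)
    # Conservative policy: refuse paths that were percent-encoded twice (..%252f). A later
    # layer that decodes again would see the traversal this layer did not.
    if unquote(decoded) != decoded:
        raise ValueError(f"double-encoded path rejected: {url_path!r}")
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    root_abs = os.path.realpath(root)
    # lstrip('/') keeps an absolute request path anchored under root rather than at '/'.
    candidate = os.path.realpath(os.path.join(root_abs, decoded.lstrip("/")))
    # realpath has collapsed '..' and followed symlinks; now check containment on the result,
    # not on the string the client sent.
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        raise ValueError(f"path escapes static root: {url_path!r}")
    return candidate


def is_blocked(root: str, url_path: str) -> bool:
    """True if the resolver refuses the request."""
    try:
        resolve_static(root, url_path)
    except ValueError:
        return True
    return False
```

Because the check is on the resolved path, a `..` that stays inside the root (`sub/../app.js`) is allowed, while `..%2f..%2f..%2fetc/passwd`, its `%2e%2e` spelling and the double-encoded `..%252f` are all refused. A symlink inside the root pointing outside it is also caught, since `realpath` follows it before the containment test.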
savitech_corp — savitech_drivers
 
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka “Inaudible Subversion.” 2017-11-09 not yet calculated CVE-2017-9758
BID
MISC
CERT-VN
MISC
siemens — simatic_pcs_7
 
An Improper Input Validation issue was discovered in Siemens SIMATIC PCS 7 V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and V8.2 all versions. It may allow an authenticated remote attacker who is a member of the administrators group to crash services by sending specially crafted messages to the DCOM interface. 2017-11-06 not yet calculated CVE-2017-14023
BID
SECTRACK
MISC
sos — sos
 
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date. 2017-11-06 not yet calculated CVE-2015-7529
BID
UBUNTU
MISC
MISC
CONFIRM
CONFIRM
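The sosreport entry is the classic predictable-name-in-/tmp symlink attack: an unprivileged user who can guess `sosreport-$hostname-$date.tar` plants a symlink there before root runs the tool, and the tool's open() follows the link and writes over (or, for a read, discloses) the link target. The Python example below is added here and is not sosreport's code; it simulates the attack against a naive writer, shows that `O_CREAT|O_EXCL|O_NOFOLLOW` refuses the planted link, and shows the real fix, a private `mkdtemp` directory whose name cannot be predicted. All files and paths are constructed inside a throwaway directory.

```python
import os
import shutil
import tempfile

SAFE_FLAGS = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
ORIGINAL = b"original contents\n"


def predictable_archive_path(hostname: str, date: str) -> str:
    """The pattern the advisory describes: a guessable name under world-writable /tmp."""
    return f"/tmp/sosreport-{hostname}-{date}/sosreport-{hostname}-{date}.tar"


def naive_write(path: str, data: bytes) -> None:
    """What an unsafe writer does: open(path, 'wb') follows a symlink planted by an attacker
    and truncates/overwrites whatever it points to."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_write(path: str, data: bytes) -> None:
    """O_CREAT|O_EXCL fails if the path already exists (a symlink counts, even a dangling one)
    and O_NOFOLLOW refuses to traverse a symlink at the final component; mode 0600 from birth."""
    fd = os.open(path, SAFE_FLAGS, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def private_workdir(prefix: str = "sosreport-") -> str:
    """Unpredictable directory name created with mode 0700, so nobody else can plant links."""
    return tempfile.mkdtemp(prefix=prefix)


def simulate_symlink_attack() -> dict:
    """Constructed scenario: the attacker links the expected report name to a victim file,
    then each writer runs. Reports what happened to the victim file and to the workdir mode."""
    arena = tempfile.mkdtemp(prefix="arena-")  # stands in for /tmp
    try:
        victim = os.path.join(arena, "victim.conf")
        with open(victim, "wb") as fh:
            fh.write(ORIGINAL)

        # Attacker pre-creates the predictable report path as a symlink to the victim.
        report = os.path.join(arena, "sosreport-host-20171106.tar")
        os.symlink(victim, report)

        naive_write(report, b"tar data")
        with open(victim, "rb") as fh:
            naive_clobbered = fh.read() != ORIGINAL

        # Reset the victim, then run the hardened writer against the same planted link.
        with open(victim, "wb") as fh:
            fh.write(ORIGINAL)
        try:
            safe_write(report, b"tar data")
            safe_blocked = False
        except OSError:  # FileExistsError (EEXIST) from O_EXCL, or ELOOP from O_NOFOLLOW
            safe_blocked = True
        with open(victim, "rb") as fh:
            safe_clobbered = fh.read() != ORIGINAL

        # The complete fix: write into a private directory nobody else can pre-populate.
        workdir = private_workdir()
        safe_write(os.path.join(workdir, "report.tar"), b"tar data")
        workdir_mode = os.stat(workdir).st_mode & 0o777
        shutil.rmtree(workdir)
        return {"naive_clobbered": naive_clobbered, "safe_blocked": safe_blocked,
                "safe_clobbered": safe_clobbered, "workdir_mode": workdir_mode}
    finally:
        shutil.rmtree(arena)
```

`simulate_symlink_attack()` returns `naive_clobbered=True` (the link was followed and the victim file overwritten) and `safe_blocked=True, safe_clobbered=False` (the hardened open fails on the existing link without touching the target). The exclusive-create flags only defend the final component; the `mkdtemp` directory with mode 0700 is what removes the race entirely, because the attacker can neither guess the name nor write into it.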
suse — suse_linux_enterprise_desktop
 
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services. 2017-11-09 not yet calculated CVE-2017-15638
SUSE
swftools — swftools
 
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender. 2017-11-09 not yet calculated CVE-2017-16711
MISC
symantec — endpoint_protection
 
Symantec Endpoint Protection for Windows prior to SEP 12.1 RU6 MP9 and SEP 14 RU1 allows an attacker to use the product's UI to perform unauthorized file deletions on the local filesystem. 2017-11-06 not yet calculated CVE-2017-13680
BID
CONFIRM
symantec — endpoint_protection
 
Symantec Endpoint Protection prior to SEP 14 RU1 is susceptible to a Tamper-Protection Bypass, an attack that circumvents the real-time protection of the application running on servers and clients. 2017-11-06 not yet calculated CVE-2017-6331
BID
CONFIRM
symantec — endpoint_protection
 
Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 is susceptible to a privilege escalation vulnerability, in which a user gains elevated access to resources that are normally protected at lower access levels. Exploitation is limited by the need to perform multiple file and directory writes to the local filesystem, so it is not feasible in a standard drive-by attack. 2017-11-06 not yet calculated CVE-2017-13681
BID
CONFIRM
synology — carddav_server
 
An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack. 2017-11-07 not yet calculated CVE-2017-15887
CONFIRM
tinywebgallery — tinywebgallery
 
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. Remote attackers with low-privilege user accounts for backend access can inject malicious script code into the `TWG Explorer` item listing. The injection is sent by a POST request and the attack vector is on the application side (persistent): the injection point is the add/create input field and the execution point is the item listing rendered after the add or create. 2017-11-06 not yet calculated CVE-2017-16635
MISC
tor — browser
 
Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected. 2017-11-04 not yet calculated CVE-2017-16541
BID
MISC
MISC
MISC
MISC
MISC
trihedral — vtscada
 
An Uncontrolled Search Path Element issue was discovered in Trihedral VTScada 11.3.03 and prior. The program will execute specially crafted malicious dll files placed on the target machine. 2017-11-06 not yet calculated CVE-2017-14029
MISC
trihedral — vtscada
 
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine. 2017-11-06 not yet calculated CVE-2017-14031
MISC
vectura — perfect_privacy_vpn_manager
 
In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, resetting the network data via the software client while a VPN connection is running causes a critical error that crashes the “FrmAdvancedProtection” component. Although a stack trace is issued, the software process is not properly terminated: the client keeps trying to maintain the connection while the network connection information is being reset live, and it continues to run in that insecure state with further errors and process corruption. This local corruption vulnerability can be exploited by local attackers. 2017-11-06 not yet calculated CVE-2017-16637
MISC
MISC
vonage/grandstream — ht802_device
 
Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vonage (Grandstream) HT802 devices allows attackers to modify settings, related to cgi-bin/update. 2017-11-06 not yet calculated CVE-2017-16563
MISC
vonage/grandstream — ht802_device
 
Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests. 2017-11-06 not yet calculated CVE-2017-16565
MISC
vonage/grandstream — ht802_device
 
Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on Vonage (Grandstream) HT802 devices allows remote authenticated users to inject arbitrary web script or HTML via the DHCP vendor class ID field (P148). 2017-11-06 not yet calculated CVE-2017-16564
MISC
wordpress — wordpress
 
The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the “admin” username, allows remote attackers to bypass authentication and obtain administrative access via a “true” value for the up_auto_log parameter in the QUERY_STRING to the default URI. 2017-11-09 not yet calculated CVE-2017-16562
CONFIRM
EXPLOIT-DB
wordpress — wordpress
 
Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the “access_token” parameter. 2017-11-09 not yet calculated CVE-2017-16758
MISC
MISC
MISC
zurmo — zurmo
 
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. 2017-11-06 not yet calculated CVE-2017-16569
MISC
zurmo — zurmo
 
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. 2017-11-06 not yet calculated CVE-2017-15039
MISC



This product is provided subject to this Notification and this Privacy & Use policy.
