CVE Vulnerabilities

This listing is a database of publicly known information security vulnerabilities and exposures (CVE entries), shown newest first.

CVE-2017-9546 | June 12, 2017
admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name.

CVE-2017-9544 | June 12, 2017
There is a remote stack-based buffer overflow (SEH overwrite) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm when registering a user, an attacker may be able to execute arbitrary code.

CVE-2017-9543 | June 12, 2017
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.

CVE-2017-9418 | June 12, 2017
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
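The bug class in the WP-Testimonials entry, as an added example that is not the plugin's code: the plugin is PHP and the equivalent fix there is $wpdb->prepare() with a %d placeholder, so this shows the same string-built query and its parameterized form against an in-memory SQLite table constructed here, with a hostile testid value run through both.

```python
"""A string-built query next to its parameterized form, for an integer id parameter such as testid.

Added example, not WP-Testimonials code. The table, rows and hostile inputs are constructed here.
"""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE testimonials (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    db.executemany("INSERT INTO testimonials VALUES (?, ?, ?)",
                   [(1, "alice", "great"), (2, "bob", "fine"), (3, "carol", "ok")])
    return db


def get_vulnerable(db, testid):
    """The bug class in the entry: the request parameter is pasted into the SQL text."""
    return [row[0] for row in db.execute(
        f"SELECT author FROM testimonials WHERE id = {testid}")]


def get_fixed(db, testid):
    """Validate the type the parameter is documented to have, then bind it; the SQL text is constant."""
    return [row[0] for row in db.execute(
        "SELECT author FROM testimonials WHERE id = ?", (int(testid),))]


def demo():
    """Return what each version hands back for a normal and a hostile testid."""
    db = make_db()
    out = {
        "normal": get_vulnerable(db, "2"),
        "injected": get_vulnerable(db, "2 OR 1=1"),                       # every row
        "schema": get_vulnerable(db, "0 UNION SELECT sql FROM sqlite_master"),  # table definitions
        "fixed_normal": get_fixed(db, "2"),
    }
    try:
        get_fixed(db, "2 OR 1=1")
        out["fixed_injected"] = "executed"
    except ValueError:                      # int("2 OR 1=1") fails before any SQL runs
        out["fixed_injected"] = "rejected"
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The UNION payload is the usual second step after a boolean test succeeds: it turns a "show one testimonial" query into a dump of whatever the database user can read. Binding the parameter removes the whole class, and the int() cast documents the contract the handler relies on.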

CVE-2017-9324 | June 12, 2017
In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end.

CVE-2017-9128 | June 12, 2017
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.

CVE-2017-9127 | June 12, 2017
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.

CVE-2017-9126 | June 12, 2017
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.

CVE-2017-9125 | June 12, 2017
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.

CVE-2017-9124 | June 12, 2017
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.

CVE-2017-9123 | June 12, 2017
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.

CVE-2017-9122 | June 12, 2017
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
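The libquicktime entries above (CVE-2017-9122 through CVE-2017-9128) are all crafted-mp4 parsing failures: an infinite loop in the moov reader and over-reads and overflows in the atom readers. The following is an added example, not libquicktime code: a bounds-checked atom walker in Python, next to the unchecked cursor loop that hangs on a zero-size atom. The atom header layout (4-byte big-endian size counting the header, 4-byte type, 1 for an extended 64-bit size, 0 for "to the end of the enclosing box") is the real format; the sample files and the CONTAINERS set are constructed here and the set is not exhaustive.

```python
"""Walk the atom (box) tree of an MP4/QuickTime file without looping forever or reading past the buffer.

Added example, not libquicktime code. Sample files are constructed inline.
"""
import struct

CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"dinf", b"udta"}  # partial list, assumed


class BadAtom(ValueError):
    pass


def parse_atoms(buf, start=0, end=None, depth=0, max_depth=16):
    """Yield (depth, type, offset, size) for every atom in buf[start:end], recursing into containers."""
    end = len(buf) if end is None else end
    if depth > max_depth:
        raise BadAtom(f"atom nesting deeper than {max_depth}")
    pos = start
    while pos < end:
        if end - pos < 8:
            raise BadAtom(f"truncated atom header at offset {pos}")
        size, typ = struct.unpack_from(">I4s", buf, pos)
        hdr = 8
        if size == 1:                                   # extended 64-bit size follows the type
            if end - pos < 16:
                raise BadAtom(f"truncated 64-bit size at offset {pos}")
            size, hdr = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:                                 # "to the end of the enclosing box"
            size = end - pos
        if size < hdr:
            raise BadAtom(f"atom {typ!r} at offset {pos}: size {size} smaller than its header")
        if size > end - pos:
            raise BadAtom(f"atom {typ!r} at offset {pos}: size {size} exceeds enclosing box")
        yield depth, typ, pos, size
        if typ in CONTAINERS:
            yield from parse_atoms(buf, pos + hdr, pos + size, depth + 1, max_depth)
        pos += size                                     # size >= hdr >= 8: the cursor always moves


def atom_types(buf):
    """Flat list of atom types in file order, or the BadAtom message for a malformed file."""
    try:
        return [typ for _, typ, _, _ in parse_atoms(buf)]
    except BadAtom as e:
        return str(e)


def naive_walk(buf, max_steps=1000):
    """The pattern behind the infinite-loop report: add the size field to the cursor unchecked."""
    pos = steps = 0
    while pos < len(buf) and steps < max_steps:
        pos += struct.unpack_from(">I", buf, pos)[0]
        steps += 1
    return "hung" if steps == max_steps else "ok"


def atom(typ, payload=b""):
    return struct.pack(">I4s", 8 + len(payload), typ) + payload


# constructed sample files
GOOD = atom(b"ftyp", b"isom\x00\x00\x02\x00isomiso2") + atom(
    b"moov", atom(b"mvhd", bytes(100)) + atom(b"trak", atom(b"tkhd", bytes(84))))
ZERO_SIZE = GOOD + struct.pack(">I4s", 0, b"free") + bytes(8)            # legal; hangs the naive walker
TINY_SIZE = GOOD + struct.pack(">I4s", 4, b"free") + bytes(8)            # size smaller than its header
OVERSIZE = GOOD + struct.pack(">I4s", 0x7FFFFFFF, b"mdat") + bytes(8)    # size past the end of the buffer

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("ZERO_SIZE", ZERO_SIZE), ("TINY_SIZE", TINY_SIZE), ("OVERSIZE", OVERSIZE)):
        print(name, atom_types(sample), naive_walk(sample))
```

Two checks do the work: the size must be at least the header length, so the cursor always advances, and it must fit inside the enclosing box, so every read that follows stays in the buffer. The depth limit is the same idea applied to recursion, since a container that contains itself by offset trickery is otherwise another way to spin.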

CVE-2017-8871 | June 12, 2017
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

CVE-2017-8834 | June 12, 2017
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.

CVE-2017-7667 | June 12, 2017
Apache NiFi before 0.7.4 and 1.x before 1.3.0 do not set the response header that tells browsers to allow framing only by the same origin (X-Frame-Options: SAMEORIGIN), leaving the UI open to clickjacking.
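A check for the missing header described in the NiFi entry, as an added example that is not NiFi code: given a response's headers, it reports whether a browser will refuse to frame the page cross-origin, honouring the CSP frame-ancestors directive over X-Frame-Options the way browsers do. The sample responses are constructed here.

```python
"""Check whether an HTTP response restricts framing to the same origin.

Added example, not Apache NiFi code. Sample responses are constructed inline.
"""


def framing_policy(headers):
    """Return (ok, reason): ok is True only if a browser will refuse to frame the page cross-origin."""
    h = {k.lower(): v for k, v in headers.items()}
    # CSP frame-ancestors takes precedence over X-Frame-Options when both are present
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {s.strip("'").lower() for s in parts[1:]}
            if sources in ({"none"}, {"self"}):
                return True, "CSP frame-ancestors " + sources.pop()
            return False, "CSP frame-ancestors allows other origins: " + " ".join(parts[1:])
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    if xfo.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is ignored by current browsers, so no protection"
    if xfo:
        return False, f"unrecognised X-Frame-Options value {xfo!r} is ignored by browsers"
    return False, "no X-Frame-Options or frame-ancestors header: page can be framed by any site"


def audit(responses):
    """Map response name -> (ok, reason) for a dict of header dicts."""
    return {name: framing_policy(hdrs) for name, hdrs in responses.items()}


# constructed sample responses, keyed by what they illustrate
SAMPLES = {
    "unprotected": {"Content-Type": "text/html"},
    "allow_from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "sameorigin": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_self": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp_overrides_xfo": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, (ok, reason) in audit(SAMPLES).items():
        print(f"{'ok ' if ok else 'BAD'} {name}: {reason}")
```

The last sample is the one that catches people: an X-Frame-Options: DENY that looks fine in isolation is overridden by a permissive frame-ancestors, so the check has to look at both headers, not stop at the first.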

CVE-2017-7665 | June 12, 2017
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, certain user input components in the UI guarded against some forms of XSS, but the filtering was insufficient.

CVE-2017-6892 | June 12, 2017
In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.

CVE-2017-1278 | June 12, 2017
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756.

CVE-2017-1276 | June 12, 2017
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124751.

CVE-2017-1247 | June 12, 2017
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124627.

CVE-2017-1214 | June 12, 2017
IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malformed email to a victim that, when opened, could cause an information disclosure. IBM X-Force ID: 123854.

CVE-2017-9542 | June 11, 2017
D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device.

CVE-2017-9527 | June 11, 2017
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file.

CVE-2017-9526 | June 10, 2017
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.
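Why a leaked EdDSA session key is fatal, as an added example that is not Libgcrypt code: a minimal pure-Python Ed25519 modelled on the public-domain reference implementation, followed by the one-line recovery. An Ed25519 signature is (R, S) with S = r + h*a (mod L), where r is the per-signature session key, a the clamped secret scalar, h = SHA-512(R || A || M) and L the group order; anyone who learns r for a single signature computes a = (S - r) * h^-1 (mod L) and can then sign arbitrary messages under the victim's public key. The key below is constructed and the double-and-add loop is deliberately the non-constant-time kind the entry is about.

```python
"""Why a leaked EdDSA session key reveals the long-term secret.

Added example, not Libgcrypt code: toy Ed25519 after the reference implementation.
"""
import hashlib
import os

q = 2**255 - 19                                          # field prime
L = 2**252 + 27742317777372353535851937790883648493      # group order


def inv(x, m=q):
    return pow(x, -1, m)


d = (-121665 * inv(121666)) % q
SQRT_M1 = pow(2, (q - 1) // 4, q)


def xrecover(y):
    xx = (y * y - 1) * inv(d * y * y + 1) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q != 0:
        x = (x * SQRT_M1) % q
    return q - x if x & 1 else x


By = (4 * inv(5)) % q
B = (xrecover(By), By)                                   # base point


def edwards(P, Q):
    x1, y1 = P
    x2, y2 = Q
    t = d * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % q, (y1 * y2 + x1 * x2) * inv(1 - t) % q)


def scalarmult(P, e):
    R = (0, 1)
    for bit in bin(e)[2:]:            # double-and-add; branching on secret bits is exactly
        R = edwards(R, R)             # the kind of side channel the entry describes
        if bit == "1":
            R = edwards(R, P)
    return R


def encodepoint(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def decodepoint(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = xrecover(y)
    return (q - x, y) if (x & 1) != (s[31] >> 7) else (x, y)


def Hint(m):
    return int.from_bytes(hashlib.sha512(m).digest(), "little")


def secret_scalar(sk):
    a = int.from_bytes(hashlib.sha512(sk).digest()[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254)           # clamping


def publickey(sk):
    return encodepoint(scalarmult(B, secret_scalar(sk)))


def sign(m, sk, pk):
    """Return (signature, r). A real signer never exposes r; here it models the leak."""
    prefix = hashlib.sha512(sk).digest()[32:]
    r = Hint(prefix + m) % L
    R = encodepoint(scalarmult(B, r))
    S = (r + Hint(R + pk + m) * secret_scalar(sk)) % L
    return R + S.to_bytes(32, "little"), r


def verify(m, sig, pk):
    R, S = decodepoint(sig[:32]), int.from_bytes(sig[32:], "little")
    h = Hint(sig[:32] + pk + m)
    return scalarmult(B, S) == edwards(R, scalarmult(decodepoint(pk), h))


def recover_secret_scalar(m, sig, pk, leaked_r):
    """The attack in the entry: one signature plus its session key yields a (mod L)."""
    S = int.from_bytes(sig[32:], "little")
    h = Hint(sig[:32] + pk + m) % L
    return (S - leaked_r) * inv(h, L) % L


def forge(m, a, pk):
    """With a alone, sign any message under pk using a nonce of the attacker's choosing."""
    r = int.from_bytes(os.urandom(32), "little") % L
    R = encodepoint(scalarmult(B, r))
    return R + ((r + Hint(R + pk + m) * a) % L).to_bytes(32, "little")


if __name__ == "__main__":
    sk = bytes(range(32))                                 # constructed key, not a real one
    pk = publickey(sk)
    sig, r = sign(b"invoice 42", sk, pk)
    a = recover_secret_scalar(b"invoice 42", sig, pk, r)
    print(a == secret_scalar(sk) % L, verify(b"pay attacker", forge(b"pay attacker", a, pk), pk))
```

Only a mod L is recovered, but that is all a verifier ever sees, so the forgery checks out. This is why the 1.7.7 change matters: the session key has to be handled with the same care as the long-term key, in secure memory and through constant-time scalar operations, not treated as a throwaway intermediate.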

CVE-2017-9525 | June 09, 2017
In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.
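The safe pattern for the cron postinst problem, as an added example that is not Debian's script: instead of running chown/chmod on a path name under a group-writable directory (where a group member can swap a file for a symlink to a root-owned file before the script runs), open the path with O_NOFOLLOW, fstat the descriptor, check that it is a plain file with the expected owner, and then fchown/fchmod the descriptor, so the object that was checked is the object that is changed. The spool directory, files and symlink below are constructed in a temporary directory, and the demo only changes modes because chown needs root.

```python
"""Fix ownership and mode of a file in a directory other users can write to, without following symlinks.

Added example, not Debian's cron postinst. Paths are constructed in a temporary directory.
"""
import errno
import os
import stat
import tempfile


class Unsafe(RuntimeError):
    pass


def fix_perms(path, mode, uid=-1, gid=-1, expect_uid=None):
    """Apply mode (and owner, if uid/gid given) to path only if it is a regular file reached without a symlink."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as e:
        if e.errno == errno.ELOOP:             # Linux and macOS report a symlink this way
            raise Unsafe(f"{path} is a symlink, refusing to touch it") from e
        raise
    try:
        st = os.fstat(fd)                      # inspect the object we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise Unsafe(f"{path} is not a regular file")
        if st.st_nlink != 1:
            raise Unsafe(f"{path} has {st.st_nlink} links; could be a hard link to a privileged file")
        if expect_uid is not None and st.st_uid != expect_uid:
            raise Unsafe(f"{path} owned by uid {st.st_uid}, expected {expect_uid}")
        if uid != -1 or gid != -1:
            os.fchown(fd, uid, gid)            # needs root; not exercised in the demo below
        os.fchmod(fd, mode)
    finally:
        os.close(fd)


def demo():
    """Spool directory with a real crontab-like file and a symlink planted under another user's name."""
    with tempfile.TemporaryDirectory() as d:
        sensitive = os.path.join(d, "sensitive")        # stands in for a root-owned file
        with open(sensitive, "w") as f:
            f.write("secret")
        os.chmod(sensitive, 0o600)
        spool = os.path.join(d, "spool")
        os.mkdir(spool)
        real = os.path.join(spool, "alice")
        open(real, "w").close()
        os.chmod(real, 0o644)
        planted = os.path.join(spool, "bob")
        os.symlink(sensitive, planted)
        out = {}
        os.chmod(planted, 0o666)                        # the unsafe, path-based call follows the link
        out["unsafe_loosened_target"] = stat.S_IMODE(os.stat(sensitive).st_mode) == 0o666
        os.chmod(sensitive, 0o600)
        for name in ("alice", "bob"):
            try:
                fix_perms(os.path.join(spool, name), 0o600, expect_uid=os.getuid())
                out[name] = "fixed"
            except Unsafe as e:
                out[name] = "refused: " + str(e)
        out["real_mode"] = stat.S_IMODE(os.stat(real).st_mode)
        out["target_mode"] = stat.S_IMODE(os.stat(sensitive).st_mode)
        return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hard-link check is the second half of the same problem: where the kernel's protected_hardlinks sysctl is off, a group member can link a privileged file into the spool instead of symlinking it, and O_NOFOLLOW alone will happily open it. Checking st_nlink and the owner on the opened descriptor closes that route too.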
