CVE Vulnerabilities

CVE vulnerabilities is a database of publicly known information security vulnerabilities and exposures.

CVE-2017-6575 | March 09, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.00
Vendors affected: Mail-masta_project

CVE-2017-6574 | March 09, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.00
Vendors affected: Mail-masta_project

CVE-2017-6573 | March 09, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.00
Vendors affected: Mail-masta_project

CVE-2017-6572 | March 09, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.00
Vendors affected: Mail-masta_project

CVE-2017-6571 | March 09, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.00
Vendors affected: Mail-masta_project

CVE-2017-6570 | March 09, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.00
Vendors affected: Mail-masta_project

CVE-2017-6562 | March 09, 2017
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Agora-project

CVE-2017-6561 | March 09, 2017
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Agora-project

CVE-2017-6560 | March 09, 2017
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Agora-project

CVE-2017-6559 | March 09, 2017
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Agora-project

CVE-2017-6558 | March 09, 2017
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-6556 | March 09, 2017
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: Cmsmadesimple

CVE-2017-6555 | March 09, 2017
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
Severity: Low | Impact score: 2.90 | Exploit score: 6.80
Vendors affected: Cmsmadesimple

CVE-2017-6552 | March 09, 2017
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.
Severity: High | Impact score: 6.90 | Exploit score: 10.00
Vendors affected: Sagemcom

CVE-2017-6549 | March 09, 2017
Session hijack vulnerability in httpd in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.
Severity: High | Impact score: 10.00 | Exploit score: 8.60
Vendors affected: Asus

CVE-2017-6548 | March 09, 2017
Buffer overflows in networkmap in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.
Severity: High | Impact score: 10.00 | Exploit score: 10.00
Vendors affected: Asus

CVE-2017-6547 | March 09, 2017
Cross-site scripting (XSS) vulnerability in httpd in ASUS ASUSWRT on RT-AC53 3.0.0.4.380.6038 devices allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Asus

CVE-2017-6529 | March 09, 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
Severity: Medium | Impact score: 6.40 | Exploit score: 8.60
Vendors affected: Dnatools

CVE-2017-6528 | March 09, 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Dnatools

CVE-2017-6527 | March 09, 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
Severity: Medium | Impact score: 2.90 | Exploit score: 10.00
Vendors affected: Dnatools

CVE-2017-6526 | March 09, 2017
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
Severity: High | Impact score: 10.00 | Exploit score: 10.00
Vendors affected: Dnatools

CVE-2017-6465 | March 09, 2017
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-6432 | March 09, 2017
An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injections of packets, which allows creation of fully privileged new users, in addition to capture of sensitive information.
Severity: | Impact score: 0.00 | Exploit score: 0.00

CVE-2017-6355 | March 09, 2017
Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.
Severity: Low | Impact score: 2.90 | Exploit score: 3.90
Vendors affected: Freedesktop

CVE-2017-6314 | March 09, 2017
The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.
Severity: Medium | Impact score: 2.90 | Exploit score: 8.60
Vendors affected: Gnome
