NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
Newsfeeds
National Vulnerability Database
  • CVE-1999-0098 (appleshare, mercury_mail_server, slmail)

    Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.

    click to view

  • CVE-1999-0725 (internet_information_server)

    When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

    click to view

  • CVE-1999-1015 (appleshare_mail_server)

    Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.

    click to view

  • CVE-2000-1090 (internet_information_server)

    Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character.

    click to view

  • CVE-2001-0198 (quicktime)

    Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.

    click to view

  • CVE-2001-0240 (word)

    Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.

    click to view

  • CVE-2002-1143 (excel, word)

    Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

    click to view

  • CVE-2002-2132 (windows_2000, windows_xp)

    Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.

    click to view

  • CVE-2003-0122 (lotus_domino, lotus_notes_client)

    Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.

    click to view

  • CVE-2003-0123 (lotus_domino, lotus_notes_client)

    Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.

    click to view

  • CVE-2003-0664 (word, works)

    Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.

    click to view

  • CVE-2006-1540 (office)

    MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.

    click to view

  • CVE-2006-3647 (office)

    Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.

    click to view

  • CVE-2006-5331 (linux_kernel)

    The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before 2.6.19 on 64-bit systems mishandles the case where CONFIG_ALTIVEC is defined and the CPU actually supports Altivec, but the Altivec support was not detected by the kernel, which allows local users to cause a denial of service (panic) by triggering execution of an Altivec instruction.

    click to view

  • CVE-2007-1765 (definity_one_media_server, ie, ip600_media_servers, s3400, s8100, windows_2000, windows_2003_server, windows_vista, windows_xp)

    Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.

    click to view

  • CVE-2008-3625 (quicktime)

    Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.

    click to view

  • CVE-2008-3627 (quicktime)

    Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.

    click to view

  • CVE-2008-3628 (quicktime)

    Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."

    click to view

  • CVE-2008-4446 (nucleus)

    Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    click to view

  • CVE-2009-1198 (juddi)

    Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.

    click to view

  • CVE-2010-2258 (phpbannerexchange)

    Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter.

    click to view

  • CVE-2010-3227 (windows_7, windows_server, windows_vista, windows_xp)

    Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."

    click to view

  • CVE-2011-2683 (reseed)

    reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack.

    click to view

  • CVE-2011-2684 (foo2zjs)

    foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.

    click to view

  • CVE-2012-0455 (firefox, firefox_esr, seamonkey, thunderbird, thunderbird_esr)

    Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue.

    click to view

  • CVE-2012-0456 (firefox, firefox_esr, seamonkey, thunderbird, thunderbird_esr)

    The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read.

    click to view

  • CVE-2012-0457 (firefox, firefox_esr, seamonkey, thunderbird, thunderbird_esr)

    Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation.

    click to view

  • CVE-2012-0458 (firefox, firefox_esr, seamonkey, thunderbird, thunderbird_esr)

    Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context.

    click to view

  • CVE-2012-0461 (firefox, firefox_esr, seamonkey, thunderbird, thunderbird_esr)

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

    click to view

  • CVE-2012-0463 (firefox, firefox_esr, seamonkey, thunderbird, thunderbird_esr)

    The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android.

    click to view

  • CVE-2012-0464 (firefox, firefox_esr, seamonkey, thunderbird, thunderbird_esr)

    Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.

    click to view

  • CVE-2012-0881 (xerces2_java)

    Apache Xerces2 Java allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.

    click to view

  • CVE-2012-4449 (hadoop)

    Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.

    click to view

  • CVE-2012-4969 (internet_explorer)

    Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.

    click to view

  • CVE-2012-5357 (ektron_content_management_system)

    Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.

    click to view

  • CVE-2012-5358 (ektron_content_management_system)

    The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.

    click to view

  • CVE-2012-5636 (wicket)

    Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to

    BUG/* . The second payload blocks the change of wireless settings. A factory reset is required.

    click to view

  • CVE-2017-14356 (arcsight_enterprise_security_manager, arcsight_enterprise_security_manager_express)

    An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow SQL injection.

    click to view

  • CVE-2017-14357 (arcsight_enterprise_security_manager, arcsight_enterprise_security_manager_express)

    A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow Reflected and Stored Cross-Site Scripting (XSS)

    click to view

  • CVE-2017-14358 (arcsight_enterprise_security_manager, arcsight_enterprise_security_manager_express)

    A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site.

    click to view

  • CVE-2017-14359 (performance_center)

    A potential security vulnerability has been identified in HPE Performance Center versions 12.20. The vulnerability could be remotely exploited to allow cross-site scripting.

    click to view

  • CVE-2017-14373 (rsa_authentication_manager)

    EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

    click to view

  • CVE-2017-14919 (node.js)

    Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows remote attackers to cause a denial of service (uncaught exception and crash) by leveraging a change in the zlib module 1.2.9 making 8 an invalid value for the windowBits parameter.

    click to view

  • CVE-2017-14992 (docker)

    Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

    click to view

  • CVE-2017-15039 (zurmo_crm)

    Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

    click to view

  • CVE-2017-15044

    The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface.

    click to view

  • CVE-2017-15098

    Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory.

    click to view

  • CVE-2017-15099

    INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

    click to view

  • CVE-2017-15110

    In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

    click to view

  • CVE-2017-15366 (ndoc)

    Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.

    click to view

  • CVE-2017-15377 (suricata)

    In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).

    click to view

  • CVE-2017-15379 (e-sic)

    An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.

    click to view

  • CVE-2017-15527

    Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.

    click to view

  • CVE-2017-15528

    Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.

    click to view

  • CVE-2017-15580 (osticket)

    osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.

    click to view

  • CVE-2017-15581 (diary_with_lock)

    In the "Diary with lock" (aka WriteDiary) application 4.72 for Android, neither HTTPS nor other encryption is used for transmitting data, despite the documentation that the product is intended for "a personal journal of ... secrets and feelings," which allows remote attackers to obtain sensitive information by sniffing the network during LoginActivity or NoteActivity execution.

    click to view

  • CVE-2017-15597 (xen)

    An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out.

    click to view

  • CVE-2017-15687 (media_server)

    DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.

    click to view

  • CVE-2017-15736 (spip)

    Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.

    click to view

  • CVE-2017-15812 (easy_appointments)

    The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.

    click to view

  • CVE-2017-15871 (serialize-to-js)

    ** DISPUTED ** The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE: the vendor agrees that denial of service can occur but notes that deserialize is explicitly listed as "harmful" within the README.md file.

    click to view

  • CVE-2017-15884 (vagrant_vmware_fusion)

    In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

    click to view

  • CVE-2017-15888 (audio_station)

    Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.

    click to view

  • CVE-2017-15911 (openfire)

    The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application.

    click to view

  • CVE-2017-15918 (sera)

    Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.

    click to view

  • CVE-2017-15920 (anti-malware, online_security_pro)

    In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002054. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.

    click to view

  • CVE-2017-15921 (anti-malware, online_security_pro)

    In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186.150, the zam32.sys driver contains a NULL pointer dereference vulnerability that gets triggered when sending an operation to ioctl 0x80002010. This is due to the input buffer being NULL or the input buffer size being 0 as they are not validated.

    click to view

  • CVE-2017-15950 (syncbreeze)

    Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode.

    click to view

  • CVE-2017-15956 (converto_video_downloader_&_converter)

    ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.

    click to view

  • CVE-2017-15957 (ingenious_school_management_system)

    my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.

    click to view

  • CVE-2017-15958 (d-park_pro)

    D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.

    click to view

  • CVE-2017-15960 (article_directory_script)

    Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php.

    click to view

  • CVE-2017-15961 (iproject_management_system)

    iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.

    click to view

  • CVE-2017-15962 (istock_management_system)

    iStock Management System 1.0 allows Arbitrary File Upload via user/profile.

    click to view

  • CVE-2017-15964 (job_board_script)

    Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.

    click to view

  • CVE-2017-15965 (ns_download_shop)

    The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.

    click to view

  • CVE-2017-15966 (zh_yandexmap)

    The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.

    click to view

  • CVE-2017-15967 (mailing_list_manager_pro)

    Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.

    click to view

  • CVE-2017-15971 (same_sex_dating_software_pro)

    Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.

    click to view

  • CVE-2017-15975 (dating_zone)

    Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.

    click to view

  • CVE-2017-15976 (zeebuddy)

    ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.

    click to view

  • CVE-2017-15977 (expiring_download_links)

    Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.

    click to view

  • CVE-2017-15978 (school_erp_php_script)

    AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.

    click to view

  • CVE-2017-15979 (shareet)

    Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.

    click to view

  • CVE-2017-15980 (us_zip_codes_database_script)

    US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.

    click to view

  • CVE-2017-15981 (responsive_newspaper_magazine_&_blog_cms)

    Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

    click to view

  • CVE-2017-15982 (news_magazine_&_blog_cms)

    Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

    click to view

  • CVE-2017-15983 (mymagazine_magazine_&_blog_cms)

    MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

    click to view

  • CVE-2017-15984 (creative_management_system_lite)

    Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.

    click to view

  • CVE-2017-15985 (basic_b2b_script)

    Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.

    click to view

  • CVE-2017-15986 (cpa_lead_reward_script)

    CPA Lead Reward Script allows SQL Injection via the username parameter.

    click to view

  • CVE-2017-15987 (fake_magazine_cover_script)

    Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.

    click to view

  • CVE-2017-15988 (nice_php_faq_script)

    Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.

    click to view

  • CVE-2017-15989 (online_exam_test_application)

    Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.

    click to view

  • CVE-2017-15990 (php_inventory_and_invoice_management_system)

    Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.

    click to view

  • CVE-2017-15991 (agent_zone)

    Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.

    click to view

  • CVE-2017-15992 (website_broker_script)

    Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.

    click to view

  • CVE-2017-15993 (zomato_clone_script)

    Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.

    click to view

  • CVE-2017-15994 (rsync)

    rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.

    click to view

  • CVE-2017-15997 (contacts_backup_&_restore)

    In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 encryption is used to secure the user password locally stored in shared preferences. Because there is a static RC4 key, an attacker can gain access to user credentials more easily by leveraging access to the preferences XML file.

    click to view

  • CVE-2017-15998 (contacts_backup_&_restore)

    In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES encryption with a static key is used to secure transmitted contact data. This makes it easier for remote attackers to obtain cleartext information by sniffing the network.

    click to view

  • CVE-2017-15999 (contacts_backup_&_restore)

    In the "NQ Contacts Backup & Restore" application 1.1 for Android, no HTTPS is used for transmitting login and synced user data. When logging in, the username is transmitted in cleartext along with an SHA-1 hash of the password. The attacker can either crack this hash or use it for further attacks where only the hash value is required.

    click to view

  • CVE-2017-16227 (debian_linux, quagga)

    The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for long paths counts certain bytes twice and consequently constructs an invalid message.

    click to view

  • CVE-2017-16228 (dulwich)

    Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.

    click to view

  • CVE-2017-16230 (typecho)

    In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.

    click to view

  • CVE-2017-16244 (october_cms)

    Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an attacker to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF headers and CSRF tokens via a certain _handler postback variable.

    click to view

  • CVE-2017-16510 (wordpress)

    WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.

    click to view

  • CVE-2017-16516 (yajl-ruby_gem)

    In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

    click to view

  • CVE-2017-16522 (dsl-100hn-t1_firmware, gpt-2541gnac_firmware)

    MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.

    click to view

  • CVE-2017-16523 (dsl-100hn-t1_firmware, gpt-2541gnac_firmware)

    MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.

    click to view

  • CVE-2017-16525 (linux_kernel)

    The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.

    click to view

  • CVE-2017-16528 (linux_kernel)

    sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.

    click to view

  • CVE-2017-16529 (linux_kernel)

    The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

    click to view

  • CVE-2017-16530 (linux_kernel)

    The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.

    click to view

  • CVE-2017-16531 (linux_kernel)

    drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.

    click to view

  • CVE-2017-16534 (linux_kernel)

    The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.

    click to view

  • CVE-2017-16544

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

    click to view

  • CVE-2017-16566

    On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device.

    click to view

  • CVE-2017-16569 (zurmo_crm)

    An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

    click to view

  • CVE-2017-16613

    An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

    click to view

  • CVE-2017-16664

    Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attackeer can execute shell commands as the webserver user via URL manipulation.

    click to view

  • CVE-2017-16784 (cms_made_simple)

    In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.

    click to view

  • CVE-2017-16819

    A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.

    click to view

  • CVE-2017-16840

    The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c.

    click to view

  • CVE-2017-16845

    hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.

    click to view

  • CVE-2017-16868

    In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.

    click to view

  • CVE-2017-16869

    ** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."

    click to view

  • CVE-2017-16870

    The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction.

    click to view

  • CVE-2017-16871

    The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter.

    click to view

  • CVE-2017-16872

    An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.

    click to view

  • CVE-2017-16875

    An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.

    click to view

  • CVE-2017-16877

    ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

    click to view

  • CVE-2017-16880

    The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.

    click to view

  • CVE-2017-16881

    b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, service/ArticleQueryService.java, service/AvatarQueryService.java, and service/CommentQueryService.java.

    click to view

  • CVE-2017-16882

    Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account, a related issue to CVE-2017-14312. This also affects bin/icingastats, bin/ido2db, and bin/log2ido.

    click to view

  • CVE-2017-16883

    The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.

    click to view

  • CVE-2017-16892

    In Bftpd before 4.7, there is a memory leak in the file rename function.

    click to view

  • CVE-2017-16894

    In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions.

    click to view

  • CVE-2017-16896

    A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.

    click to view

  • CVE-2017-16898

    The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.

    click to view

  • CVE-2017-16899

    An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.

    click to view

  • CVE-2017-16902

    On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.

    click to view

  • CVE-2017-16903

    LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

    click to view

  • CVE-2017-16904

    The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.

    click to view

  • CVE-2017-16906

    In Horde Groupware 5.2.19, there is XSS via the URL field in a "Calendar -> New Event" action.

    click to view

  • CVE-2017-16907

    In Horde Groupware 5.2.19, there is XSS via the Color field in a Create Task List action.

    click to view

  • CVE-2017-16908

    In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed.

    click to view

  • CVE-2017-16919

    MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description parameter.

    click to view

  • CVE-2017-16920

    v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via a member api swfupload action to index.php.

    click to view

  • CVE-2017-16923

    Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.

    click to view

  • CVE-2017-16926

    Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.

    click to view

  • CVE-2017-2896

    An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

    click to view

  • CVE-2017-2897

    An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.

    click to view

  • CVE-2017-2919

    An exploitable stack based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability

    click to view

  • CVE-2017-3157

    By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.

    click to view

  • CVE-2017-3771 (aio_e95_firmware, thinkcentre_m710s_firmware, thinkcentre_m710t_firmware)

    System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.

    click to view

  • CVE-2017-3933 (network_data_loss_prevention)

    Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.

    click to view

  • CVE-2017-3934 (network_data_loss_prevention)

    Missing HTTP Strict Transport Security state information vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows man-in-the-middle attackers to expose confidential data via read files on the webserver.

    click to view

  • CVE-2017-3935 (network_data_loss_prevention)

    Network Data Loss Prevention is vulnerable to MIME type sniffing which allows older versions of Internet Explorer to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the intended content type.

    click to view

  • CVE-2017-4927

    VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

    click to view

  • CVE-2017-4928

    The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure.

    click to view

  • CVE-2017-4929

    VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure.

    click to view

  • CVE-2017-4934

    VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

    click to view

  • CVE-2017-4935

    VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds write vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

    click to view

  • CVE-2017-4936

    VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client.

    click to view

  • CVE-2017-4937

    VMware Workstation (12.x before 12.5.8) and Horizon View Client for Windows (4.x before 4.6.1) contain an out-of-bounds read vulnerability in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View Client.

    click to view

  • CVE-2017-4938

    VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

    click to view

  • CVE-2017-4939

    VMware Workstation (12.x before 12.5.8) installer contains a DLL hijacking issue that exists due to some DLL files loaded by the application improperly. This issue may allow an attacker to load a DLL file of the attacker's choosing that could execute arbitrary code.

    click to view

  • CVE-2017-5062 (chrome)

    A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.

    click to view

  • CVE-2017-5072 (chrome)

    Inappropriate implementation in Omnibox in Google Chrome prior to 59.0.3071.92 for Android allowed a remote attacker to perform domain spoofing with RTL characters via a crafted URL page.

    click to view

  • CVE-2017-5085 (chrome)

    Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.

    click to view

  • CVE-2017-5108 (chrome)

    Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

    click to view

  • CVE-2017-5705

    Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.

    click to view

  • CVE-2017-5706

    Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.

    click to view

  • CVE-2017-5707

    Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.

    click to view

  • CVE-2017-5708

    Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.

    click to view

  • CVE-2017-5709

    Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.

    click to view

  • CVE-2017-5710

    Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.

    click to view

  • CVE-2017-5711

    Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

    click to view

  • CVE-2017-5712

    Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

    click to view

  • CVE-2017-5719

    A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.

    click to view

  • CVE-2017-5729

    Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle.

    click to view

  • CVE-2017-6166

    In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.

    click to view

  • CVE-2017-6168

    On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself.

    click to view

  • CVE-2017-7335 (fortiwlc)

    A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.

    click to view

  • CVE-2017-7341 (fortiwlc)

    An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests.

    click to view

  • CVE-2017-7411 (tuleap)

    An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).

    click to view

  • CVE-2017-7550

    A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords to be specified in the "params" argument, and noting this in the module documentation.

    click to view

  • CVE-2017-7732 (fortimail)

    A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.

    click to view

  • CVE-2017-7736

    A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.

    click to view

  • CVE-2017-8860

    Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web request with an extra / character, such as a "GET // HTTP/1.1" request.

    click to view

  • CVE-2017-8861

    Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets.

    click to view

  • CVE-2017-8862

    The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.

    click to view

  • CVE-2017-8863

    Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser.

    click to view

  • CVE-2017-8864

    Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demonstrated by a client-side "if (!passwordsAreEqual())" test.

    click to view

  • CVE-2017-9377 (clickshare_csc-1_firmware, clickshare_csm-1_firmware)

    A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.

    click to view

  • CVE-2017-9450 (amazon_web_services_cloudformation_bootstrap)

    The Amazon Web Services (AWS) CloudFormation bootstrap tools package (aka aws-cfn-bootstrap) before 1.4-19.10 allows local users to execute arbitrary code with root privileges by leveraging the ability to create files in an unspecified directory.

    click to view

  • CVE-2017-9806

    A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

    click to view

  • CVE-2017-9946 (apogee_pxc_bacnet_automation_controller_firmware, talon_tc_bacnet_automation_controller_firmware)

    A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions
    click to view

  • CVE-2017-9947 (apogee_pxc_bacnet_automation_controller_firmware)

    A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions
    click to view

| Date published: 2017-11-22T19:00:10Z
Back to newsfeed list
Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-1999-0098 (appleshare, mercury_mail_server, slmail)
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
»CVE-1999-0725 (internet_information_server)
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker ...
»CVE-1999-1015 (appleshare_mail_server)
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attac ...
»CVE-2000-1090 (internet_information_server)
Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for pars ...
»CVE-2001-0198 (quicktime)
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbit ...
»CVE-2001-0240 (word)
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the ...
»CVE-2002-1143 (excel, word)
Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field cod ...
»CVE-2002-2132 (windows_2000, windows_xp)
Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files ...
»CVE-2003-0122 (lotus_domino, lotus_notes_client)
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote ...
»CVE-2003-0123 (lotus_domino, lotus_notes_client)
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicio ...
»CVE-2003-0664 (word, works)
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, w ...
»CVE-2006-1540 (office)
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers t ...
»CVE-2006-3647 (office)
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote use ...
»CVE-2006-5331 (linux_kernel)
The altivec_unavailable_exception function in arch/powerpc/kernel/traps.c in the Linux kernel before ...
»CVE-2007-1765 (definity_one_media_server, ie, ip600_media_servers, s3400, s8100, windows_2000, windows_2003_server, windows_vista, windows_xp)
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to exe ...


Date published: 2017-11-22T19:00:10Z
Details

»Intel Firmware Vulnerability
Original release date: November 21, 2017 Intel has released recommendations to address vulner ...
»Symantec Releases Security Update
Original release date: November 21, 2017 Symantec has released an update to address a vulnera ...
»Windows ASLR Vulnerability
Original release date: November 20, 2017 The CERT Coordination Center (CERT/CC) has released ...
»Holiday Scams and Malware Campaigns
Original release date: November 16, 2017 | Last revised: November 17, 2017 US-CERT reminds us ...
»Oracle Releases Security Alert
Original release date: November 16, 2017 Oracle has released a security alert to address mult ...
»Cisco Releases Security Update
Original release date: November 15, 2017 Cisco has released a security update to address a vu ...
»Mozilla Releases Security Updates
Original release date: November 14, 2017 Mozilla has released security updates to address mul ...
»Microsoft Releases November 2017 Security Updates
Original release date: November 14, 2017 Microsoft has released updates to address vulnerabil ...
»Adobe Releases Security Updates
Original release date: November 14, 2017 Adobe has released security updates to address vulne ...
»Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
Original release date: November 09, 2017 Microsoft has released an advisory that provides gui ...


Date published: not known
Details

»VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale
At VB2017 in Madrid, Cisco Umbrella (OpenDNS) researchers Dhia Mahj ...
»Firefox 59 to make it a lot harder to use data URIs in phishing attacks
Firefox developer Mozilla has announced that, as of version 59 of t ...
»Standalone product test: FireEye Endpoint
Virus Bulletin ran a standalone test on FireEye's Endpoint Security ...
»VB2017 video: Consequences of bad security in health care
Jelena Milosevic, a nurse with a passion for IT security, is unique ...
»Vulnerabilities play only a tiny role in the security risks that come with mobile phones
Both bad news (all devices were pwnd) and good news (pwning is incr ...
»VB2017 paper: The (testing) world turned upside down
At VB2017 in Madrid, industry veteran and ESET Senior Research Fell ...
»VB2017 video: Turning Trickbot: decoding an encrypted command-and-control channel
Trickbot, a banking trojan which appeared this year, seems to be a ...
»Paper: FAME - Friendly Malware Analysis Framework
Today, we publish a short paper in which CERT Société Générale pres ...
»Ebury and Mayhem server malware families still active
Ebury and Mayhem, two families of Linux server malware, about which ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» Intel Firmware Vulnerability
[21 Nov 2017 09:02am]

» Symantec Releases Security Update
[21 Nov 2017 05:40am]

» Windows ASLR Vulnerability
[20 Nov 2017 08:57am]

» Holiday Scams and Malware Campaigns
[16 Nov 2017 06:41pm]

» Oracle Releases Security Alert
[16 Nov 2017 02:39pm]

» Cisco Releases Security Update
[15 Nov 2017 10:24am]

» Mozilla Releases Security Updates
[14 Nov 2017 01:36pm]

» Microsoft Releases November 2017 Security Updates
[14 Nov 2017 11:50am]

» Adobe Releases Security Updates
[14 Nov 2017 10:41am]

» Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)
[09 Nov 2017 01:19pm]

***
US-CERT Alerts

» TA17-318B: HIDDEN COBRA – North Korean Trojan: Volgmer
[14 Nov 2017 12:00pm]

» TA17-318A: HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
[14 Nov 2017 11:09am]

» TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors
[20 Oct 2017 04:50pm]

» TA17-181A: Petya Ransomware
[30 Jun 2017 11:41pm]

» TA17-164A: HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
[13 Jun 2017 09:45am]

» TA17-163A: CrashOverride Malware
[12 Jun 2017 03:44pm]

» TA17-156A: Reducing the Risk of SNMP Abuse
[05 Jun 2017 06:11pm]

» TA17-132A: Indicators Associated With WannaCry Ransomware
[12 May 2017 07:36pm]

» TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
[27 Apr 2017 04:50pm]

» TA17-075A: HTTPS Interception Weakens TLS Security
[16 Mar 2017 06:40am]

***
Computerworld Security

» The best mobile threat defense is mobile threat detection
[22 Nov 2017 04:34am]

» Symphony targets collaboration users outside financial services
[20 Nov 2017 12:03pm]

» Matrix Banker malware spreads to multiple industries | Salted Hash Ep 7
[20 Nov 2017 07:00am]

» Strong and stable: The iOS security guide
[17 Nov 2017 09:36am]

» Patch alert: Microsoft acknowledges printer bug; forced 1709 upgrades continue
[17 Nov 2017 07:06am]

» Microsoft forces Win10 1703 customers onto 1709, and other Patch Tuesday shenanigans
[15 Nov 2017 11:52am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

» Lock it down: The macOS security guide
[15 Nov 2017 07:11am]

» ‘Hey Siri, buy $100 Bitcoin for the burglar guy’
[14 Nov 2017 07:08am]

» Ransomware marketplaces and the future of malware | Salted Hash Ep 6
[13 Nov 2017 05:00am]

» The top 5 problems with blockchain
[10 Nov 2017 04:11am]

» Mingis on Tech: The iPhone X – best phone for business, or best phone ever?
[09 Nov 2017 03:15pm]

» Android security audit: An 11-step checklist
[09 Nov 2017 10:36am]

» 15% off APC 11-Outlet Surge Protector with USB Charging Ports and SurgeArrest - Deal Alert
[08 Nov 2017 06:35am]

» What is blockchain? The most disruptive tech in decades
[07 Nov 2017 06:06pm]

***
Microsoft Security Advisories

» 4053440 - Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields - Version: 1.0
[08 Nov 2017 11:00am]

» 4038556 - Guidance for securing applications that host the WebBrowser Control - Version: 1.0
[08 Aug 2017 11:00am]

» 4033453 - Vulnerability in Azure AD Connect Could Allow Elevation of Privilege - Version: 1.0
[27 Jun 2017 11:00am]

» 4025685 - Guidance related to June 2017 security update release - Version: 1.0
[13 Jun 2017 11:00am]

» 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
[12 May 2017 11:00am]

» 4022344 - Security Update for Microsoft Malware Protection Engine - Version: 1.2
[12 May 2017 11:00am]

» 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
[10 May 2017 11:00am]

» 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
[09 May 2017 11:00am]

» 3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[14 Mar 2017 11:00am]

» 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
[27 Jan 2017 11:00am]

» 3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
[10 Jan 2017 11:00am]

» 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
[13 Sep 2016 11:00am]

» 3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
[13 Sep 2016 11:00am]

» 3179528 - Update for Kernel Mode Blacklist - Version: 1.0
[09 Aug 2016 11:00am]

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

***
Security Latest

» 'Vapor Wake' Explosive-Sniffing Dogs Help Protect the Thanksgiving Day Parade
[22 Nov 2017 09:05am]

» The US Global Engagement Center's Fight Against Russian Propaganda Has Barely Started
[22 Nov 2017 04:00am]

» Uber Hid 57-Million User Data Breach For Over a Year
[21 Nov 2017 05:56pm]

» Feds Indict Iranian for HBO Hack—But Extradition Isn't Likely
[21 Nov 2017 12:47pm]

» Artificial Intelligence Can Hunt Down Missile Sites in China Hundreds of Times Faster Than Humans
[21 Nov 2017 04:00am]

» Intel Management Engine Flaws Leave Millions of PCs Exposed
[20 Nov 2017 09:10pm]

» Stopping Robocalls Will Soon Be Easier Than Ever
[20 Nov 2017 02:27pm]

» The Pentagon Left Data Exposed in the Cloud
[18 Nov 2017 07:00am]

» Everything Attorney General Jeff Sessions Has Forgotten Under Oath
[17 Nov 2017 10:03am]

» Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera
[16 Nov 2017 05:00am]

» The Vulnerabilities Equities Process Still Has Issues Even After Added Transparency
[15 Nov 2017 05:33pm]

» OnePlus Phones Have an Unfortunate Backdoor Built In
[14 Nov 2017 02:57pm]

» How to Lock Down Your Facebook Privacy Settings
[14 Nov 2017 07:10am]

» Inside the Decades-Long Fight for Better Emergency Alerts
[14 Nov 2017 06:00am]

» Watch a 10-Year-Old Beat Apple's Face ID on His Mom's iPhone X
[14 Nov 2017 05:00am]

***
Network World Security

» Docs should help design medical IoT
[17 Nov 2017 05:04am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

» Forrester predicts what’s next for IoT
[14 Nov 2017 08:17am]

» What to consider when deploying a next-generation firewall
[08 Nov 2017 11:51am]

» 7 free tools every network needs
[15 Aug 2017 01:52pm]

» Gravityscan, keeping WordPress sites safe
[24 May 2017 02:34pm]

» Network monitoring tools: Features users love and hate
[01 May 2017 04:51am]

» Book Review: Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
[27 Apr 2017 12:45pm]

» Fight firewall sprawl with AlgoSec, Tufin, Skybox suites
[10 Apr 2017 04:32am]

» Review: Canary Flex security camera lives up to its name
[24 Mar 2017 07:01am]

» Zix wins 5-vendor email encryption shootout
[13 Mar 2017 04:00am]

» Review: vArmour flips security on its head
[06 Mar 2017 03:50am]

» 5 open source security tools too good to ignore
[21 Feb 2017 07:12am]

» Matrix Banker malware spreads to multiple industries | Salted Hash Ep 7
[20 Nov 2017 07:00am]

» 11% off August Smart Lock Pro With Connect Bundle - Deal Alert
[15 Nov 2017 07:46am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf
Welcome
Username:

Password:




Remember me

[ ]

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}