Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1327 | 1 Ibm | 1 Inotes | 2017-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126062. | |||||
| CVE-2017-11392 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745. | |||||
| CVE-2017-11691 | 1 Cacti | 1 Cacti | 2017-08-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | |||||
| CVE-2017-11675 | 1 Zen-cart | 1 Zen Cart | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index. | |||||
| CVE-2017-11723 | 1 Xinha | 1 Xinha | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. | |||||
| CVE-2017-11756 | 1 Earcms | 1 Ear Music | 2017-08-04 | 6.0 MEDIUM | 7.0 HIGH |
| In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | |||||
| CVE-2017-1000025 | 1 Gnome | 1 Epiphany | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | |||||
| CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-10801 | 1 Phpsocial | 1 Phpsocial | 2017-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. | |||||
| CVE-2017-11184 | 1 Glpi-project | 1 Glpi | 2017-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. | |||||
| CVE-2015-1847 | 1 Appserver | 1 Appserver | 2017-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL. | |||||
| CVE-2017-11645 | 1 Netcomm | 2 4gt101w Bootloader, 4gt101w Software | 2017-08-04 | 7.5 HIGH | 9.8 CRITICAL |
| NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. | |||||
| CVE-2017-11646 | 1 Netcomm | 2 4gt101w Bootloader, 4gt101w Software | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device. | |||||
| CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2017-08-04 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | |||||
| CVE-2017-11647 | 1 Netcomm | 2 4gt101w Bootloader, 4gt101w Software | 2017-08-04 | 3.5 LOW | 5.4 MEDIUM |
| NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation. | |||||
| CVE-2012-5030 | 1 Cisco | 1 Ios | 2017-08-04 | 6.8 MEDIUM | 6.5 MEDIUM |
| Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. | |||||
| CVE-2017-11727 | 1 Connectwise | 1 Manage | 2017-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS. | |||||
| CVE-2017-11726 | 1 Connectwise | 1 Manage | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting. | |||||
| CVE-2017-11648 | 1 Techroutes | 2 Tr 1803-3g, Tr 1803-3g Firmware | 2017-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering. | |||||
| CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | |||||