CVE List - 2017 / August
Showing 1201 - 1300 of 1540 CVEs for August 2017 (Page 13 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-8352 | 2017-08-24 | Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. |
| CVE-2015-8355 | 2017-08-24 | Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to... |
| CVE-2017-13686 | 2017-08-24 | net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial... |
| CVE-2017-13692 | 2017-08-25 | In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. |
| CVE-2017-13693 | 2017-08-25 | The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive... |
| CVE-2017-13694 | 2017-08-25 | The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to... |
| CVE-2017-13695 | 2017-08-25 | The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive... |
| CVE-2016-5816 | 2017-08-25 | A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys... |
| CVE-2017-12703 | 2017-08-25 | A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a... |
| CVE-2017-12709 | 2017-08-25 | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow... |
| CVE-2017-13697 | 2017-08-25 | controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable. |
| CVE-2014-7857 | 2017-08-25 | D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with... |
| CVE-2014-7858 | 2017-08-25 | The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. |
| CVE-2014-7859 | 2017-08-25 | Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers... |
| CVE-2014-7860 | 2017-08-25 | The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an... |
| CVE-2014-9564 | 2017-08-25 | CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet and IB6131 40Gb Infiniband Switch firmware before 3.4.1110 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response... |
| CVE-2014-9637 | 2017-08-25 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. |
| CVE-2015-1324 | 2017-08-25 | Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu... |
| CVE-2015-1395 | 2017-08-25 | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a... |
| CVE-2015-3206 | 2017-08-25 | The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other... |
| CVE-2015-3211 | 2017-08-25 | php-fpm allows local users to write to or create arbitrary files via a symlink attack. |
| CVE-2015-3257 | 2017-08-25 | Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks. |
| CVE-2015-4017 | 2017-08-25 | Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. |
| CVE-2015-4180 | 2017-08-25 | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of... |
| CVE-2015-4181 | 2017-08-25 | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of... |
| CVE-2015-5700 | 2017-08-25 | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. |
| CVE-2015-5701 | 2017-08-25 | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the... |
| CVE-2015-1325 | 2017-08-25 | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as... |
| CVE-2017-12694 | 2017-08-25 | A Directory Traversal issue was discovered in SpiderControl SCADA Web Server. An attacker may be able to use a simple GET request to perform a directory traversal into system files. |
| CVE-2017-12707 | 2017-08-25 | A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow. |
| CVE-2017-12857 | 2017-08-25 | Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS... |
| CVE-2017-7926 | 2017-08-25 | A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API versions prior to 2017 (1.9.0). The vulnerability allows cross-site request forgery (CSRF) attacks to occur when an otherwise-unauthorized... |
| CVE-2017-7930 | 2017-08-25 | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change... |
| CVE-2017-7934 | 2017-08-25 | An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could... |
| CVE-2017-9640 | 2017-08-25 | A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0... |
| CVE-2017-9644 | 2017-08-25 | An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC... |
| CVE-2017-9650 | 2017-08-25 | An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and... |
| CVE-2017-12816 | 2017-08-25 | In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product... |
| CVE-2017-12817 | 2017-08-25 | In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. |
| CVE-2017-7693 | 2017-08-26 | Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files. |
| CVE-2017-12595 | 2017-08-27 | The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly... |
| CVE-2017-13707 | 2017-08-27 | Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order... |
| CVE-2017-13709 | 2017-08-27 | In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree. |
| CVE-2017-13710 | 2017-08-27 | The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL... |
| CVE-2012-2805 | 2017-08-28 | Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service. |
| CVE-2013-0870 | 2017-08-28 | The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check out of header packet type check. |
| CVE-2014-0141 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. |
| CVE-2014-4925 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40. |
| CVE-2014-5301 | 2017-08-28 | Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4. |
| CVE-2014-5302 | 2017-08-28 | Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to... |
| CVE-2014-8168 | 2017-08-28 | Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. |
| CVE-2014-8426 | 2017-08-28 | Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. |
| CVE-2014-8428 | 2017-08-28 | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. |
| CVE-2014-8753 | 2017-08-28 | Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net Cit-e-Access 6. |
| CVE-2014-8871 | 2017-08-28 | Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier. |
| CVE-2014-8900 | 2017-08-28 | Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier. |
| CVE-2014-9312 | 2017-08-28 | Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. |
| CVE-2014-9469 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, 3.6.7, 3.8.7, 4.2.2, 5.0.5, and 5.1.3. |
| CVE-2014-9483 | 2017-08-28 | Emacs 24.4 allows remote attackers to bypass security restrictions. |
| CVE-2014-9513 | 2017-08-28 | Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code. |
| CVE-2014-9514 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5. |
| CVE-2014-9557 | 2017-08-28 | Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. |
| CVE-2014-9558 | 2017-08-28 | Multiple SQL injection vulnerabilities in SmartCMS v.2. |
| CVE-2015-0101 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1,... |
| CVE-2015-0114 | 2017-08-28 | Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. |
| CVE-2015-0210 | 2017-08-28 | wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. |
| CVE-2015-0928 | 2017-08-28 | libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). |
| CVE-2015-0974 | 2017-08-28 | Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll. |
| CVE-2015-1177 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. |
| CVE-2015-1198 | 2017-08-28 | Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. |
| CVE-2015-1199 | 2017-08-28 | Directory traversal vulnerability in ppmd 10.1-5. |
| CVE-2015-1386 | 2017-08-28 | Directory traversal vulnerability in unshield 1.0-1. |
| CVE-2015-1401 | 2017-08-28 | Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. |
| CVE-2015-1430 | 2017-08-28 | Buffer overflow in xymon 4.3.17-1. |
| CVE-2015-1443 | 2017-08-28 | The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code. |
| CVE-2015-1445 | 2017-08-28 | HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. |
| CVE-2015-1876 | 2017-08-28 | Directory traversal vulnerability in ES File Explorer 3.2.4.1. |
| CVE-2015-2046 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. |
| CVE-2015-3976 | 2017-08-28 | GE Multilink Cross-site Scripting |
| CVE-2016-0634 | 2017-08-28 | The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine. |
| CVE-2016-7030 | 2017-08-28 | FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account... |
| CVE-2017-8380 | 2017-08-28 | Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 allows remote attackers to have unspecified impact via unknown vectors. |
| CVE-2013-7430 | 2017-08-28 | Cross-site scripting (XSS) vulnerability in the Googlemaps plugin before 3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the xmlns parameter. |
| CVE-2014-8163 | 2017-08-28 | Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. |
| CVE-2015-0233 | 2017-08-28 | Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. |
| CVE-2015-1554 | 2017-08-28 | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). |
| CVE-2015-1600 | 2017-08-28 | Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. |
| CVE-2017-12840 | 2017-08-28 | A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of... |
| CVE-2017-12876 | 2017-08-28 | Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. |
| CVE-2017-12877 | 2017-08-28 | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. |
| CVE-2017-12919 | 2017-08-28 | Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. |
| CVE-2017-12920 | 2017-08-28 | CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
| CVE-2017-12921 | 2017-08-28 | PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
| CVE-2017-12922 | 2017-08-28 | wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
| CVE-2017-12923 | 2017-08-28 | OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image. |
| CVE-2017-12924 | 2017-08-28 | CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. |
| CVE-2017-12925 | 2017-08-28 | Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. |
| CVE-2017-12950 | 2017-08-28 | The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. |
| CVE-2017-12951 | 2017-08-28 | The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file. |
| CVE-2017-12952 | 2017-08-28 | The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file. |