The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-6473 | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6474 | In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6478 | paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter). | MEDIUM | Mar 7, 2017 |
| CVE-2017-6479 | FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). | MEDIUM | Mar 7, 2017 |
| CVE-2017-6480 | groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). | MEDIUM | Mar 7, 2017 |
| CVE-2017-6481 | Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6483 | Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6484 | Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6485 | A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the php-calendar-master/error.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6486 | A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the reasoncms-master/www/nyroModal/demoSent.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6487 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/favorites.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6488 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6489 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6490 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6491 | Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6492 | SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. | HIGH | Mar 7, 2017 |
| CVE-2017-6497 | An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). | MEDIUM | Mar 7, 2017 |
| CVE-2017-6498 | An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6499 | An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). | MEDIUM | Mar 7, 2017 |
| CVE-2017-6500 | An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6501 | An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6502 | An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). | MEDIUM | Mar 7, 2017 |
| CVE-2017-6503 | WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6504 | WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6508 | CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. | MEDIUM | Mar 7, 2017 |
| CVE-2017-6509 | Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). | MEDIUM | Mar 7, 2017 |
| CVE-2017-5194 | Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5830 | Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts. | HIGH | Mar 6, 2017 |
| CVE-2017-5831 | Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5832 | Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address. | LOW | Mar 6, 2017 |
| CVE-2017-5833 | Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5834 | The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5835 | libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5836 | The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5974 | Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5975 | Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5976 | Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5977 | The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5978 | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5979 | The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5980 | The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-5981 | seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file. | MEDIUM | Mar 6, 2017 |
| CVE-2017-6384 | Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8. | HIGH | Mar 6, 2017 |
| CVE-2017-6390 | An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the whatanime.ga-master/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 6, 2017 |
| CVE-2017-6391 | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the admin_console/web/tools/SimpleJWPlayer.php URL, the admin_console/web/tools/AkamaiBroadcaster.php URL, the admin_console/web/tools/bigRedButton.php URL, and the admin_console/web/tools/bigRedButtonPtsPoc.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 6, 2017 |
| CVE-2017-6392 | An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 6, 2017 |
| CVE-2017-6393 | An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the nagvis-master/share/userfiles/gadgets/std_table.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 6, 2017 |
| CVE-2017-6395 | An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 6, 2017 |
| CVE-2017-6396 | An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the webpagetest-master/www/compare-cf.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 6, 2017 |
| CVE-2017-6397 | An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | MEDIUM | Mar 6, 2017 |
