The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-7877 | Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | HIGH | Sep 11, 2017 |
| CVE-2015-7879 | Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | LOW | Sep 11, 2017 |
| CVE-2015-8349 | Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. | MEDIUM | Sep 11, 2017 |
| CVE-2015-8350 | Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/. | MEDIUM | Sep 11, 2017 |
| CVE-2015-8351 | PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled. | MEDIUM | Sep 11, 2017 |
| CVE-2015-8353 | Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php. | MEDIUM | Sep 11, 2017 |
| CVE-2015-8354 | Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to wp-admin/users.php. | MEDIUM | Sep 11, 2017 |
| CVE-2015-9226 | Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or remote authenticated users with a valid Paypal transaction token to execute arbitrary SQL commands via the ref parameter in the (3) orderUpdate function in upload/catalog/extension/payment/paypal.php. | MEDIUM | Sep 11, 2017 |
| CVE-2015-9227 | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | MEDIUM | Sep 11, 2017 |
| CVE-2017-1000249 | An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). | LOW | Sep 11, 2017 |
| CVE-2017-14075 | This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. | HIGH | Sep 11, 2017 |
| CVE-2017-14153 | This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel. | HIGH | Sep 11, 2017 |
| CVE-2017-14238 | SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter. | HIGH | Sep 11, 2017 |
| CVE-2017-14239 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | LOW | Sep 11, 2017 |
| CVE-2017-14240 | There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14241 | Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | LOW | Sep 11, 2017 |
| CVE-2017-14242 | SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. | HIGH | Sep 11, 2017 |
| CVE-2017-14247 | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060. | HIGH | Sep 11, 2017 |
| CVE-2017-14248 | A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14249 | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14251 | Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14252 | SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. | HIGH | Sep 11, 2017 |
| CVE-2017-14257 | In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core/Ap4AtomSampleTable.cpp contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14258 | In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14259 | In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14260 | In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this vulnerability and possibly execute arbitrary code by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14261 | In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom.cpp file contains a Read Memory Access Violation vulnerability. It is possible to exploit this vulnerability by opening a crafted .MP4 file. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14262 | On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | HIGH | Sep 11, 2017 |
| CVE-2017-14263 | Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can login to the device with that new user account to fully control the device. | HIGH | Sep 11, 2017 |
| CVE-2017-14265 | A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack. | HIGH | Sep 11, 2017 |
| CVE-2017-14267 | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related to goform/AddNewProfile, goform/setWanDisconnect, goform/setSMSAutoRedirectSetting, goform/setReset, and goform/uploadBackupSettings. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14268 | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14269 | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attackers to obtain sensitive information via a JSONP endpoint, as demonstrated by passwords and SMS content. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14270 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV starting at ntdll_77400000!RtlFillMemoryUlong+0x0000000000000010. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14271 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14272 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV starting at jbig2dec+0x000000000000595d. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14273 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14274 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14275 | XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14276 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14277 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at jbig2dec+0x0000000000005956. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14278 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at jbig2dec+0x0000000000005940. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14279 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at jbig2dec+0x0000000000005643. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14280 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14281 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at jbig2dec+0x00000000000090f1. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14282 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at jbig2dec+0x0000000000005862. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14283 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a Read Access Violation starting at jbig2dec+0x0000000000008fe4. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14284 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x000000000000016c. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14285 | XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x000000000000039b. | MEDIUM | Sep 11, 2017 |
| CVE-2017-14286 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c. | MEDIUM | Sep 11, 2017 |
