National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • Keyword (text search): CVE-2017-1150
There are 10 matching records.
Vuln ID Summary CVSS Severity

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.

Published: March 28, 2018; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page.

Published: December 11, 2017; 11:29:00 AM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access.

Published: November 02, 2017; 01:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM

When linking a Nessus scanner or agent to or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.

Published: August 09, 2017; 08:29:00 AM -04:00
V3: 7.4 HIGH
V2: 5.8 MEDIUM

The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.

Published: July 21, 2017; 12:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 7.1 HIGH

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

Published: July 20, 2017; 07:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM

Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.

Published: July 20, 2017; 07:29:00 PM -04:00
V2: 5.0 MEDIUM

NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.

Published: July 20, 2017; 07:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM

A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.

Published: July 20, 2017; 06:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

Published: March 08, 2017; 02:59:00 PM -05:00
V3: 3.1 LOW
V2: 3.5 LOW