Search Results
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-1043 | In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. Published: January 22, 2018; 3:29:00 AM -0500 | V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-1042 | Moodle 3.x has Server Side Request Forgery in the filepicker. Published: January 22, 2018; 3:29:00 AM -0500 | V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-5968 | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. Published: January 21, 2018; 11:29:00 PM -0500 | V4.0:(not available) V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-18047 | Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply. Published: January 21, 2018; 11:29:00 PM -0500 | V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-10709 | pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '\|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. Published: January 21, 2018; 11:29:00 PM -0500 | V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2018-5962 | index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. Published: January 21, 2018; 8:29:00 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-5961 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. Published: January 21, 2018; 8:29:00 PM -0500 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-5960 | Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. Published: January 21, 2018; 8:29:00 PM -0500 | V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-5958 | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424. Published: January 21, 2018; 5:29:00 PM -0500 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5957 | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C. Published: January 21, 2018; 5:29:00 PM -0500 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2018-5956 | In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. Published: January 21, 2018; 5:29:00 PM -0500 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5955 | An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. Published: January 21, 2018; 5:29:00 PM -0500 | V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-18046 | Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action function in /cgi-bin/login_action.cgi (aka cgipage.cgi). Published: January 21, 2018; 5:29:00 PM -0500 | V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-10708 | sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. Published: January 21, 2018; 5:29:00 PM -0500 | V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-18045 | JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request. Published: January 21, 2018; 2:29:00 AM -0500 | V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-15112 | keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users. Published: January 19, 2018; 7:29:00 PM -0500 | V4.0:(not available) V3.0: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2017-15111 | keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link. Published: January 19, 2018; 7:29:00 PM -0500 | V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 3.6 LOW |
CVE-2017-15108 | spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. Published: January 19, 2018; 7:29:00 PM -0500 | V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-14803 | In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system. Published: January 19, 2018; 7:29:00 PM -0500 | V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-12130 | An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability. Published: January 19, 2018; 7:29:00 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |