Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-16724 |
A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. Published: January 05, 2018; 3:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-16720 |
A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. Published: January 05, 2018; 3:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2017-16716 |
A SQL Injection issue was discovered in WebAccess versions prior to 8.3. WebAccess does not properly sanitize its inputs for SQL commands. Published: January 05, 2018; 3:29:00 AM -0500 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-5220 |
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002610. Published: January 04, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5219 |
In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002168. Published: January 04, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5218 |
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0. Published: January 04, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5217 |
In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x95002578. Published: January 04, 2018; 2:29:00 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.1 MEDIUM |
CVE-2018-5216 |
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. Published: January 04, 2018; 2:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-5215 |
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. Published: January 04, 2018; 2:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-17867 |
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration. Published: January 04, 2018; 2:29:00 PM -0500 |
V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2018-5214 |
The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. Published: January 04, 2018; 1:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-5213 |
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. Published: January 04, 2018; 1:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-5212 |
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. Published: January 04, 2018; 1:29:00 PM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-1727 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. Published: January 04, 2018; 12:29:00 PM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-1699 |
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissions on certain files it creates. A local attacker could exploit this vulnerability to modify or delete data contained in the files with an unknown impact. IBM X-Force ID: 134391. Published: January 04, 2018; 12:29:00 PM -0500 |
V3.0: 3.3 LOW V2.0: 3.6 LOW |
CVE-2017-1673 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133640. Published: January 04, 2018; 12:29:00 PM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-1672 |
IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. Published: January 04, 2018; 12:29:00 PM -0500 |
V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-1669 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 133636. Published: January 04, 2018; 12:29:00 PM -0500 |
V3.0: 3.7 LOW V2.0: 4.3 MEDIUM |
CVE-2017-1665 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133559. Published: January 04, 2018; 12:29:00 PM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-1664 |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 133557. Published: January 04, 2018; 12:29:00 PM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |