Open Bugtraq


2017-10-16
Med.
High
Med.
2017-10-15
Med.
High
Med.
Med.
Med.
Med.
High
Low
High
2017-10-14
Med.


The latest CVEs

2017-10-06
CVE-2017-13068 QNAP Qts helpdesk
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.

CVE-2015-2297 Libcsoap project Libcsoap
nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.

CVE-2014-0047 Docker Docker
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.

CVE-2014-7240 Formget Easy contact form solution
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.

CVE-2014-8492 Cozmoslabs Profile builder
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.

CVE-2014-8758 Tech-banker Gallery bank
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70 for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.

CVE-2017-15045 Lame project LAME
LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3lame/util.c, related to lame_encode_buffer_sample_t in libmp3lame/lame.c, a different vulnerability than CVE-2017-9410.

CVE-2017-15046 Lame project LAME
LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.

CVE-2017-15063 Intelliants Subrion cms
There are CSRF vulnerabilities in Subrion CMS before 4.2.0 because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing (for example) an attack against the query parameter to panel/database.

CVE-2014-8957 Openkm Openkm
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.


Dorks


2017-10-13
Low
Thiago "THX" Sena
2017-10-12
Med.
Iran Cyber Security Group
Med.
BY MF-PS (MOHAMMEDNAJJAR)
2017-10-08
Med.
raykooExpert
2017-10-07
Med.
priv8_team

Copyright 2017, cxsecurity.com

 
