Open Bugtraq


2017-03-30
Med.
2017-03-29
Low
Low
Low
High
Med.
2017-03-28
High
Med.
High
Med.
High
Med.
Med.


The latest CVEs

2017-03-29
CVE-2017-7298 Moodle Moodle
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.

2017-03-27
CVE-2015-8309 Fomori Cherrymusic
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

CVE-2015-8310 Fomori Cherrymusic
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.

CVE-2017-6878 Metinfo Metinfo
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.

CVE-2015-8010 Opensuse project LEAP
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

CVE-2015-8762 Freeradius Freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a zero-length EAP-PWD packet.

CVE-2015-8763 Freeradius Freeradius
The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read.

CVE-2015-8764 Freeradius Freeradius
Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow.

CVE-2017-6452 NTP NTP
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.

CVE-2017-6459 NTP NTP
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.


Dorks


2017-03-29
Low
Zero Security Group
High
Turk@Xtra
Med.
Turk@Xtra
2017-03-28
High
Turk@Xtra
2017-03-27
Low
Turk@Xtra

Copyright 2017, cxsecurity.com