The latest CVEs

2017-07-22
CVE-2016-10400 Atutor Atutor
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.

CVE-2017-11523 Imagemagick Imagemagick
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.

2017-07-21
CVE-2015-3932 Netlock Mokka
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

CVE-2015-3931 Microsec E-szigno
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

CVE-2015-3886 Libinfinity project Libinfinity
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.

CVE-2015-3640 Phpmybackuppro Phpmybackuppro
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, an...

CVE-2015-3639 Phpmybackuppro Phpmybackuppro
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.

CVE-2015-3638 Phpmybackuppro Phpmybackuppro
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable.

CVE-2015-3421 Eshop project Eshop
The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.

CVE-2015-3170 Selinux project Selinux
selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.



Copyright 2017, cxsecurity.com