Open Bugtraq


2017-03-28


The latest CVEs

2017-03-26
CVE-2017-7263 Potrace project Potrace
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.

CVE-2017-7264 Artifex MuPDF
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.

CVE-2017-7266 Netflix Security Monkey
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.

CVE-2017-2641 Moodle Moodle
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.

CVE-2017-2643 Moodle Moodle
In Moodle 3.2.x, global search displays user names for unauthenticated users.

CVE-2017-2644 Moodle Moodle
In Moodle 3.x, XSS can occur via evidence of prior learning.

CVE-2017-2645 Moodle Moodle
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.

CVE-2017-5622 OnePlus OxygenOS
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information.

CVE-2017-6002 Intelliants Subrion CMS
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.

CVE-2017-6003 dotCMS dotCMS
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.



Copyright 2017, cxsecurity.com