Open Bugtraq




The latest CVEs

2017-03-27
CVE-2015-8309 Fomori Cherrymusic
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

CVE-2015-8310 Fomori Cherrymusic
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.

CVE-2017-6878 Metinfo Metinfo
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php.

CVE-2015-8010 Opensuse project LEAP
Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.

CVE-2017-6452 NTP NTP
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.

CVE-2017-6459 NTP NTP
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.

CVE-2017-6460 NTP NTP
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers to have unspecified impact via a long flagstr variable in a restriction list response.

CVE-2017-6462 NTP NTP
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.

CVE-2017-6463 NTP NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.

CVE-2017-6464 NTP NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.



Copyright 2017, cxsecurity.com