Open Bugtraq


2017-05-24
Med.
Med.
High
Low
Low
Low
High
2017-05-23
High
Med.
High
Med.
Low
Med.


The latest CVEs

2017-05-18
CVE-2017-9061 Wordpress Wordpress
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

CVE-2017-9062 Wordpress Wordpress
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

CVE-2017-9063 Wordpress Wordpress
In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.

CVE-2017-9064 Wordpress Wordpress
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

CVE-2017-9065 Wordpress Wordpress
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.

2017-05-17
CVE-2017-4011 Mcafee Network data loss prevention
Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.

CVE-2017-4012 Mcafee Network data loss prevention
Privilege Escalation vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via modification of the HTTP request.

CVE-2017-4013 Mcafee Network data loss prevention
Banner Disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain product information via HTTP response header.

CVE-2017-4014 Mcafee Network data loss prevention
Session Side jacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view, add, and remove users via modification of the HTTP request.

CVE-2017-4015 Mcafee Network data loss prevention
Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.


Dorks


2017-05-24
Med.
Persian Hack Team
Low
Persian Hack Team
2017-05-23
Med.
sohaip-hackerDZ
2017-05-22
Med.
sohaip-hackerDZ
2017-05-21
Low
Berandal

Copyright 2017, cxsecurity.com