Open Bugtraq




The latest CVEs

2017-04-22
CVE-2017-8053 Podofo project Podofo
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

CVE-2017-8054 Podofo project Podofo
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.

2017-04-21
CVE-2016-10091 Unrtf project Unrtf
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.

CVE-2017-7994 Podofo project Podofo
The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.

2017-04-20
CVE-2017-5190 NetIQ Access Manager
NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.

CVE-2017-7692 Squirrelmail Squirrelmail
SquirrelMail 1.4.22 allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the Deliver_SendMail.class.php with the initStream function that uses escapeshellcmd() to sanitize the...

CVE-2017-7982 Libimobiledevice Libplist
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.

CVE-2016-1219 Cybozu Garoon
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

CVE-2016-4650 Apple Mac OS X
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVE-2016-4847 OSSEC Web UI
Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex.



Copyright 2017, cxsecurity.com