The latest CVEs

2017-02-22
CVE-2016-9682 DELL Sonicwall secure remote access...
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't proper...

CVE-2016-9683 DELL Sonicwall secure remote access...
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doe...

CVE-2016-9684 DELL Sonicwall secure remote access...
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the informat...

2017-02-21
CVE-2017-5881 Gomlab Gom player
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.

CVE-2017-5959 Metalgenix Genixcms
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.

CVE-2017-6070 Cmsmadesimple Form builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.

CVE-2017-6071 Cmsmadesimple Form builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.

CVE-2017-6072 Cmsmadesimple Form builder
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.

CVE-2017-6078 Faststone Maxview
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.

CVE-2017-6095 Mail-masta Mail-masta plugin
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.



Copyright 2017, cxsecurity.com