| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8675 | Hig | 0.46 | 7.0 | 0.02 | Sep 13, 2017 | The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability… | ||
| CVE-2017-8660 | Hig | 0.58 | 8.8 | 0.10 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka… | ||
| CVE-2017-8649 | Hig | 0.49 | 7.5 | 0.09 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting… | ||
| CVE-2017-8632 | Hig | 0.52 | 7.8 | 0.17 | Sep 13, 2017 | A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and… | ||
| CVE-2017-8631 | Hig | 0.52 | 7.8 | 0.16 | Sep 13, 2017 | A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft… | ||
| CVE-2017-8630 | Hig | 0.52 | 7.8 | 0.20 | Sep 13, 2017 | Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744. | ||
| CVE-2017-8567 | Hig | 0.52 | 7.8 | 0.20 | Sep 13, 2017 | A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution". | ||
| CVE-2017-11766 | Hig | 0.49 | 7.5 | 0.09 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption… | ||
| CVE-2017-11764 | Hig | 0.57 | 7.5 | 0.64 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption… | ||
| CVE-2017-0161 | Hig | 0.54 | 8.1 | 0.11 | Sep 13, 2017 | The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it… | ||
| CVE-2017-1452 | Hig | 0.51 | 7.8 | 0.00 | Sep 12, 2017 | IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180. | ||
| CVE-2017-1451 | Hig | 0.51 | 7.8 | 0.00 | Sep 12, 2017 | IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. | ||
| CVE-2017-14399 | Hig | 0.57 | 8.8 | 0.01 | Sep 12, 2017 | In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php. | ||
| CVE-2017-1162 | Hig | 0.49 | 7.5 | 0.02 | Sep 12, 2017 | IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. | ||
| CVE-2017-14348 | Hig | 0.57 | 8.8 | 0.02 | Sep 12, 2017 | LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file. | ||
| CVE-2017-14344 | Hig | 0.54 | 7.8 | 0.02 | Sep 12, 2017 | This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the… | ||
| CVE-2017-1000251 | Hig | 0.56 | 8.0 | 0.16 | Sep 12, 2017 | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel… | ||
| CVE-2017-14337 | Hig | 0.53 | 8.1 | 0.01 | Sep 12, 2017 | When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user… | ||
| CVE-2017-14319 | Hig | 0.57 | 8.8 | 0.00 | Sep 12, 2017 | A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly,… | ||
| CVE-2017-14316 | Hig | 0.57 | 8.8 | 0.00 | Sep 12, 2017 | A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While… | ||
| CVE-2017-14315 | Hig | 0.49 | 7.5 | 0.01 | Sep 12, 2017 | In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly… | ||
| CVE-2014-9624 | Hig | 0.49 | 7.5 | 0.03 | Sep 12, 2017 | CAPTCHA bypass vulnerability in MantisBT before 1.2.19. | ||
| CVE-2017-14335 | Hig | 0.54 | 7.5 | 0.28 | Sep 12, 2017 | On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change. | ||
| CVE-2017-14333 | Hig | 0.51 | 7.8 | 0.01 | Sep 12, 2017 | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of… | ||
| CVE-2017-14266 | Hig | 0.54 | 7.8 | 0.04 | Sep 12, 2017 | tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160. | ||
| CVE-2015-9228 | Hig | 0.57 | 8.8 | 0.04 | Sep 12, 2017 | In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php. | ||
| CVE-2017-14312 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging… | ||
| CVE-2015-9227 | Hig | 0.47 | 7.2 | 0.02 | Sep 11, 2017 | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2. | ||
| CVE-2015-9226 | Hig | 0.47 | 7.2 | 0.02 | Sep 11, 2017 | Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or… | ||
| CVE-2017-14310 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869." | ||
| CVE-2017-14309 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8." | ||
| CVE-2017-14308 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd." | ||
| CVE-2017-14307 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402." | ||
| CVE-2017-14306 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10." | ||
| CVE-2017-14305 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578." | ||
| CVE-2017-14304 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0." | ||
| CVE-2017-14303 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047." | ||
| CVE-2017-14302 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7." | ||
| CVE-2017-14301 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3." | ||
| CVE-2017-14300 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479." | ||
| CVE-2017-14299 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b." | ||
| CVE-2017-14298 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8." | ||
| CVE-2017-14297 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35." | ||
| CVE-2017-14296 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6." | ||
| CVE-2017-14295 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9." | ||
| CVE-2017-14294 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e." | ||
| CVE-2017-14293 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1." | ||
| CVE-2017-14292 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e." | ||
| CVE-2017-14291 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8." | ||
| CVE-2017-14290 | Hig | 0.51 | 7.8 | 0.00 | Sep 11, 2017 | STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d." |
- risk 0.46cvss 7.0epss 0.02
The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability…
- risk 0.58cvss 8.8epss 0.10
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka…
- risk 0.49cvss 7.5epss 0.09
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting…
- risk 0.52cvss 7.8epss 0.17
A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and…
- risk 0.52cvss 7.8epss 0.16
A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft…
- risk 0.52cvss 7.8epss 0.20
Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744.
- risk 0.52cvss 7.8epss 0.20
A remote code execution vulnerability exists in Microsoft Excel for Mac 2011 when it fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution".
- risk 0.49cvss 7.5epss 0.09
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption…
- risk 0.57cvss 7.5epss 0.64
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption…
- risk 0.54cvss 8.1epss 0.11
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it…
- risk 0.51cvss 7.8epss 0.00
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
- risk 0.51cvss 7.8epss 0.00
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.
- risk 0.57cvss 8.8epss 0.01
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend\media\ajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
- risk 0.49cvss 7.5epss 0.02
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957.
- risk 0.57cvss 8.8epss 0.02
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
- risk 0.54cvss 7.8epss 0.02
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the…
- risk 0.56cvss 8.0epss 0.16
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel…
- risk 0.53cvss 8.1epss 0.01
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user…
- risk 0.57cvss 8.8epss 0.00
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly,…
- risk 0.57cvss 8.8epss 0.00
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While…
- risk 0.49cvss 7.5epss 0.01
In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly…
- risk 0.49cvss 7.5epss 0.03
CAPTCHA bypass vulnerability in MantisBT before 1.2.19.
- risk 0.54cvss 7.5epss 0.28
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
- risk 0.51cvss 7.8epss 0.01
The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of…
- risk 0.54cvss 7.8epss 0.04
tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.
- risk 0.57cvss 8.8epss 0.04
In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for WordPress, unrestricted file upload is available via the name parameter, if a file extension is changed from .jpg to .php.
- risk 0.51cvss 7.8epss 0.00
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging…
- risk 0.47cvss 7.2epss 0.02
PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.
- risk 0.47cvss 7.2epss 0.02
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_admin_download.php or…
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8."
- risk 0.51cvss 7.8epss 0.00
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."