| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 151 | CVE-2017-6829 | 125 | | DoS | 2017-03-20 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file. |
| 152 | CVE-2017-6828 | 119 | | Overflow | 2017-03-15 | 2017-11-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file. |
| 153 | CVE-2017-6827 | 119 | | Overflow | 2017-03-15 | 2017-11-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file. |
| 154 | CVE-2017-6823 | 294 | | +Priv | 2017-03-12 | 2019-10-03 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. |
| 155 | CVE-2017-6820 | 79 | | XSS | 2017-03-12 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. |
| 156 | CVE-2017-6819 | 352 | | CSRF | 2017-03-12 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This. |
| 157 | CVE-2017-6818 | 79 | | XSS | 2017-03-12 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names. |
| 158 | CVE-2017-6817 | 79 | | XSS | 2017-03-12 | 2019-03-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. |
| 159 | CVE-2017-6816 | 863 | | | 2017-03-12 | 2019-10-03 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality. |
| 160 | CVE-2017-6815 | 20 | | | 2017-03-12 | 2019-03-19 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation. |
| 161 | CVE-2017-6814 | 79 | | XSS | 2017-03-12 | 2019-03-19 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js. |
| 162 | CVE-2017-6812 | 79 | | XSS | 2017-03-11 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). |
| 163 | CVE-2017-6811 | 79 | | XSS | 2017-03-11 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). |
| 164 | CVE-2017-6810 | 79 | | XSS | 2017-03-11 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter). |
| 165 | CVE-2017-6809 | 79 | | XSS | 2017-03-11 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). |
| 166 | CVE-2017-6808 | 79 | | XSS | 2017-03-11 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). |
| 167 | CVE-2017-6807 | 79 | | XSS | 2017-03-13 | 2017-03-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site. |
| 168 | CVE-2017-6805 | 22 | | Dir. Trav. | 2017-03-20 | 2017-03-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command. |
| 169 | CVE-2017-6804 | 79 | | XSS | 2017-03-10 | 2017-03-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A Stored XSS Vulnerability exists in the WP Markdown Editor (aka wp-markdown-editor) plugin 2.0.3 for WordPress. An example attack vector is a crafted IMG element in Add New Post or Edit Post. |
| 170 | CVE-2017-6803 | 352 | | Exec Code CSRF | 2017-03-20 | 2017-03-23 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml. |
| 171 | CVE-2017-6802 | 125 | | | 2017-03-10 | 2019-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef. |
| 172 | CVE-2017-6801 | 125 | | | 2017-03-10 | 2019-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef. |
| 173 | CVE-2017-6800 | 125 | | | 2017-03-10 | 2019-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial | An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef. |
| 174 | CVE-2017-6799 | 79 | | XSS | 2017-03-10 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. |
| 175 | CVE-2017-6798 | 426 | | Exec Code | 2017-03-10 | 2022-05-01 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208. |
| 176 | CVE-2017-6797 | 79 | | XSS | 2017-03-10 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. |
| 177 | CVE-2017-6596 | 119 | | DoS Overflow | 2017-03-10 | 2017-03-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application. |
| 178 | CVE-2017-6591 | 79 | | XSS | 2017-03-09 | 2017-03-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. |
| 179 | CVE-2017-6590 | 863 | | Exec Code | 2017-03-09 | 2019-10-03 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to log in is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries. |
| 180 | CVE-2017-6589 | 79 | | XSS | 2017-03-09 | 2017-03-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document. |
| 181 | CVE-2017-6578 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. |
| 182 | CVE-2017-6577 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. |
| 183 | CVE-2017-6576 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id. |
| 184 | CVE-2017-6575 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. |
| 185 | CVE-2017-6574 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. |
| 186 | CVE-2017-6573 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. |
| 187 | CVE-2017-6572 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. |
| 188 | CVE-2017-6571 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id. |
| 189 | CVE-2017-6570 | 89 | | Sql | 2017-03-09 | 2019-03-19 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id. |
| 190 | CVE-2017-6562 | 79 | | XSS | 2017-03-09 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. |
| 191 | CVE-2017-6561 | 79 | | XSS | 2017-03-09 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. |
| 192 | CVE-2017-6560 | 79 | | XSS | 2017-03-09 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. |
| 193 | CVE-2017-6559 | 79 | | XSS | 2017-03-09 | 2019-03-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. |
| 194 | CVE-2017-6558 | 798 | | Bypass | 2017-03-09 | 2021-06-17 | 5.0 | None | Remote | Low | Not required | Partial | None | None | iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. |
| 195 | CVE-2017-6556 | 79 | | XSS | 2017-03-09 | 2017-03-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. |
| 196 | CVE-2017-6555 | 79 | | XSS | 2017-03-09 | 2017-03-18 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). |
| 197 | CVE-2017-6552 | 400 | | | 2017-03-09 | 2019-10-03 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services. |
| 198 | CVE-2017-6550 | 89 | | Exec Code Sql | 2017-03-20 | 2017-03-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. |
| 199 | CVE-2017-6549 | 287 | | | 2017-03-09 | 2019-10-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers. |
| 200 | CVE-2017-6548 | 119 | | Exec Code Overflow | 2017-03-09 | 2017-08-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages. |