CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In March 2017

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2017-6829 125 DoS 2017-03-20 2019-10-03
4.3
None Remote Medium Not required None None Partial
The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
152 CVE-2017-6828 119 Overflow 2017-03-15 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.
153 CVE-2017-6827 119 Overflow 2017-03-15 2017-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.
154 CVE-2017-6823 294 +Priv 2017-03-12 2019-10-03
6.5
None Remote Low ??? Partial Partial Partial
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
155 CVE-2017-6820 79 XSS 2017-03-12 2018-10-30
4.3
None Remote Medium Not required None Partial None
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
156 CVE-2017-6819 352 CSRF 2017-03-12 2019-03-19
4.3
None Remote Medium Not required None None Partial
In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.
157 CVE-2017-6818 79 XSS 2017-03-12 2019-03-19
4.3
None Remote Medium Not required None Partial None
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
158 CVE-2017-6817 79 XSS 2017-03-12 2019-03-19
3.5
None Remote Medium ??? None Partial None
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
159 CVE-2017-6816 863 2017-03-12 2019-10-03
5.5
None Remote Low ??? None Partial Partial
In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality.
160 CVE-2017-6815 20 2017-03-12 2019-03-19
5.8
None Remote Medium Not required Partial Partial None
In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation.
161 CVE-2017-6814 79 XSS 2017-03-12 2019-03-19
3.5
None Remote Medium ??? None Partial None
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. This is demonstrated by both (1) mishandling of the playlist shortcode in the wp_playlist_shortcode function in wp-includes/media.php and (2) mishandling of meta information in the renderTracks function in wp-includes/js/mediaelement/wp-playlist.js.
162 CVE-2017-6812 79 XSS 2017-03-11 2017-03-18
4.3
None Remote Medium Not required None Partial None
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).
163 CVE-2017-6811 79 XSS 2017-03-11 2017-03-18
4.3
None Remote Medium Not required None Partial None
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
164 CVE-2017-6810 79 XSS 2017-03-11 2017-03-18
4.3
None Remote Medium Not required None Partial None
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter).
165 CVE-2017-6809 79 XSS 2017-03-11 2017-03-18
4.3
None Remote Medium Not required None Partial None
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter).
166 CVE-2017-6808 79 XSS 2017-03-11 2017-03-18
4.3
None Remote Medium Not required None Partial None
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter).
167 CVE-2017-6807 79 XSS 2017-03-13 2017-03-15
4.3
None Remote Medium Not required None Partial None
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
168 CVE-2017-6805 22 Dir. Trav. 2017-03-20 2017-03-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
169 CVE-2017-6804 79 XSS 2017-03-10 2017-03-10
4.3
None Remote Medium Not required None Partial None
A Stored XSS Vulnerability exists in the WP Markdown Editor (aka wp-markdown-editor) plugin 2.0.3 for WordPress. An example attack vector is a crafted IMG element in Add New Post or Edit Post.
170 CVE-2017-6803 352 Exec Code CSRF 2017-03-20 2017-03-23
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin password, (2) terminate the scheduler, or (3) possibly execute arbitrary commands via crafted requests to Admin/XML/Result.xml.
171 CVE-2017-6802 125 2017-03-10 2019-05-18
5.0
None Remote Low Not required None None Partial
An issue was discovered in ytnef before 1.9.2. There is a potential heap-based buffer over-read on incoming Compressed RTF Streams, related to DecompressRTF() in libytnef.
172 CVE-2017-6801 125 2017-03-10 2019-05-18
5.0
None Remote Low Not required None None Partial
An issue was discovered in ytnef before 1.9.2. There is a potential out-of-bounds access with fields of Size 0 in TNEFParse() in libytnef.
173 CVE-2017-6800 125 2017-03-10 2019-05-18
5.0
None Remote Low Not required None None Partial
An issue was discovered in ytnef before 1.9.2. An invalid memory access (heap-based buffer over-read) can occur during handling of LONG data types, related to MAPIPrint() in libytnef.
174 CVE-2017-6799 79 XSS 2017-03-10 2019-03-19
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter.
175 CVE-2017-6798 426 Exec Code 2017-03-10 2022-05-01
9.3
None Remote Medium Not required Complete Complete Complete
Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulnerability that allows remote attackers to execute arbitrary code, aka Trend Micro Vulnerability Identifier 2015-0208.
176 CVE-2017-6797 79 XSS 2017-03-10 2019-03-19
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.
177 CVE-2017-6596 119 DoS Overflow 2017-03-10 2017-03-13
4.3
None Remote Medium Not required None None Partial
partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application.
178 CVE-2017-6591 79 XSS 2017-03-09 2017-03-21
4.3
None Remote Medium Not required None Partial None
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
179 CVE-2017-6590 863 Exec Code 2017-03-09 2019-10-03
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
180 CVE-2017-6589 79 XSS 2017-03-09 2017-03-10
4.3
None Remote Medium Not required None Partial None
EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.
181 CVE-2017-6578 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.
182 CVE-2017-6577 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.
183 CVE-2017-6576 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.
184 CVE-2017-6575 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.
185 CVE-2017-6574 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
186 CVE-2017-6573 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
187 CVE-2017-6572 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
188 CVE-2017-6571 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
189 CVE-2017-6570 89 Sql 2017-03-09 2019-03-19
6.5
None Remote Low ??? Partial Partial Partial
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
190 CVE-2017-6562 79 XSS 2017-03-09 2019-03-19
4.3
None Remote Medium Not required None Partial None
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
191 CVE-2017-6561 79 XSS 2017-03-09 2019-03-19
4.3
None Remote Medium Not required None Partial None
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
192 CVE-2017-6560 79 XSS 2017-03-09 2019-03-19
4.3
None Remote Medium Not required None Partial None
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
193 CVE-2017-6559 79 XSS 2017-03-09 2019-03-19
4.3
None Remote Medium Not required None Partial None
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
194 CVE-2017-6558 798 Bypass 2017-03-09 2021-06-17
5.0
None Remote Low Not required Partial None None
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.
195 CVE-2017-6556 79 XSS 2017-03-09 2017-03-18
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
196 CVE-2017-6555 79 XSS 2017-03-09 2017-03-18
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
197 CVE-2017-6552 400 2017-03-09 2019-10-03
7.8
None Remote Low Not required None None Complete
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.
198 CVE-2017-6550 89 Exec Code Sql 2017-03-20 2017-03-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
199 CVE-2017-6549 287 2017-03-09 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.
200 CVE-2017-6548 119 Exec Code Overflow 2017-03-09 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allow remote attackers to execute arbitrary code on the router via a long host or port in crafted multicast messages.
Total number of vulnerabilities: 1305 (page 4 of 27)