# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
201 | CVE-2017-6547 | 79 | | XSS | 2017-03-09 | 2017-08-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters. |
202 | CVE-2017-6544 | 79 | | XSS | 2017-03-08 | 2017-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter). |
203 | CVE-2017-6543 | | | +Priv | 2017-03-08 | 2019-10-03 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial |
Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance before 4.5.0) was found to contain a flaw that allowed a remote, authenticated attacker to upload a crafted file that could be written to anywhere on the system. This could be used to subsequently gain elevated privileges on the system (e.g., after a reboot). This issue only affects installations on Windows. |
204 | CVE-2017-6542 | 119 | | Overflow | 2017-03-27 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow. |
205 | CVE-2017-6541 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
206 | CVE-2017-6540 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (configs) passed to the webpagetest-master/www/benchmarks/compare.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
207 | CVE-2017-6539 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
208 | CVE-2017-6538 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (video) passed to the webpagetest-master/www/speedindex/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
209 | CVE-2017-6537 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (bgcolor) passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
210 | CVE-2017-6536 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (url, pssid) passed to the webpagetest-master/www/weblite.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
211 | CVE-2017-6535 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
212 | CVE-2017-6534 | 79 | | Exec Code XSS | 2017-03-08 | 2017-03-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (pssid) passed to the webpagetest-master/www/pss.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
213 | CVE-2017-6533 | 79 | | Exec Code XSS | 2017-03-08 | 2019-04-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
214 | CVE-2017-6529 | 613 | | | 2017-03-09 | 2017-08-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter. |
215 | CVE-2017-6528 | 522 | | | 2017-03-09 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file). |
216 | CVE-2017-6527 | 22 | | Dir. Trav. | 2017-03-09 | 2017-08-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter). |
217 | CVE-2017-6526 | 287 | | Exec Code | 2017-03-09 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests). |
218 | CVE-2017-6518 | 79 | | XSS | 2017-03-08 | 2017-03-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter. |
219 | CVE-2017-6517 | 427 | | Exec Code | 2017-03-23 | 2019-10-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process. |
220 | CVE-2017-6516 | 20 | | +Priv | 2017-03-14 | 2019-10-03 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete |
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments. |
221 | CVE-2017-6513 | 275 | | | 2017-03-11 | 2017-04-13 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. |
222 | CVE-2017-6511 | 79 | | XSS | 2017-03-07 | 2017-03-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php. |
223 | CVE-2017-6510 | 22 | | Dir. Trav. | 2017-03-16 | 2017-03-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory. |
224 | CVE-2017-6509 | 79 | | XSS | 2017-03-07 | 2017-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS in admin/components/menu/views/menuitems.php (id parameter). |
225 | CVE-2017-6508 | 93 | | | 2017-03-07 | 2017-07-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL. |
226 | CVE-2017-6507 | 269 | | | 2017-03-24 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle 'restart' operations removing AppArmor profiles that aren't found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what's done by LXD and Docker, are affected by this flaw in the AppArmor init script logic. |
227 | CVE-2017-6506 | 119 | | Exec Code Overflow | 2017-03-10 | 2017-03-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string. |
228 | CVE-2017-6505 | 835 | | DoS | 2017-03-15 | 2020-11-10 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330. |
229 | CVE-2017-6504 | 20 | | | 2017-03-06 | 2017-03-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking. |
230 | CVE-2017-6503 | 79 | | XSS | 2017-03-06 | 2017-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. |
231 | CVE-2017-6502 | 119 | | Overflow | 2017-03-06 | 2019-03-12 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS). |
232 | CVE-2017-6501 | 476 | | | 2017-03-06 | 2019-03-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference. |
233 | CVE-2017-6500 | 125 | | | 2017-03-06 | 2019-03-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read. |
234 | CVE-2017-6499 | 772 | | | 2017-03-06 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS). |
235 | CVE-2017-6498 | 20 | | | 2017-03-06 | 2019-03-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS. |
236 | CVE-2017-6497 | 476 | | | 2017-03-06 | 2019-03-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS). |
237 | CVE-2017-6492 | 89 | | Sql | 2017-03-05 | 2017-03-25 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization. |
238 | CVE-2017-6491 | 79 | | Exec Code XSS | 2017-03-05 | 2022-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
239 | CVE-2017-6490 | 79 | | Exec Code XSS | 2017-03-05 | 2022-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
240 | CVE-2017-6489 | 79 | | Exec Code XSS | 2017-03-05 | 2022-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
241 | CVE-2017-6488 | 79 | | Exec Code XSS | 2017-03-05 | 2022-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
242 | CVE-2017-6487 | 79 | | Exec Code XSS | 2017-03-05 | 2022-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the "EPESI-master/modules/Utils/RecordBrowser/favorites.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
243 | CVE-2017-6486 | 79 | | Exec Code XSS | 2017-03-05 | 2018-01-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
244 | CVE-2017-6485 | 79 | | Exec Code XSS | 2017-03-05 | 2017-03-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
245 | CVE-2017-6484 | 79 | | Exec Code XSS | 2017-03-05 | 2021-01-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the "INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
246 | CVE-2017-6483 | 79 | | Exec Code XSS | 2017-03-05 | 2017-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
247 | CVE-2017-6482 | 79 | | Exec Code XSS | 2017-03-05 | 2017-03-07 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR v5_0_0. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/object_search.php" URL (section_value; src_form). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
248 | CVE-2017-6481 | 79 | | Exec Code XSS | 2017-03-05 | 2017-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. |
249 | CVE-2017-6480 | 79 | | XSS | 2017-03-05 | 2017-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter). |
250 | CVE-2017-6479 | 79 | | XSS | 2017-03-05 | 2017-03-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter). |