CVE-2017-6078
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
Source: CVE-2017-6078
[월:] 2017년 02월
CVE-2017-5959
CVE-2017-5959
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.
Source: CVE-2017-5959
CVE-2017-6095
CVE-2017-6095
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
Source: CVE-2017-6095
CVE-2017-6071
CVE-2017-6071
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
Source: CVE-2017-6071
CVE-2017-6096
CVE-2017-6096
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to WordPress admin) with the GET Parameter: filter_list.
Source: CVE-2017-6096
CVE-2016-9316
CVE-2016-9316
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.
Source: CVE-2016-9316
CVE-2017-6097
CVE-2017-6097
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to WordPress admin) with the POST Parameter: camp_id.
Source: CVE-2017-6097
CVE-2017-6070
CVE-2017-6070
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
Source: CVE-2017-6070
CVE-2016-10227
CVE-2016-10227
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.
Source: CVE-2016-10227
CVE-2017-5881
CVE-2017-5881
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
Source: CVE-2017-5881