CVE-2017-7734
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via ‘Comments’ while saving Config Revisions.
Source: CVE-2017-7734
[월:] 2017년 09월
CVE-2017-3133
CVE-2017-3133
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
Source: CVE-2017-3133
CVE-2017-3131
CVE-2017-3131
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
Source: CVE-2017-3131
CVE-2017-7735
CVE-2017-7735
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.
Source: CVE-2017-7735
CVE-2017-14313
CVE-2017-14313
The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg().
Source: CVE-2017-14313
CVE-2017-14314
CVE-2017-14314
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
Source: CVE-2017-14314
CVE-2017-14312
CVE-2017-14312
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
Source: CVE-2017-14312
CVE-2015-5054
CVE-2015-5054
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
Source: CVE-2015-5054
CVE-2015-8353
CVE-2015-8353
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.
Source: CVE-2015-8353
CVE-2015-8349
CVE-2015-8349
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.
Source: CVE-2015-8349