CVE-2017-1545
IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914.
Source: CVE-2017-1545
[월:] 2018년 01월
CVE-2017-1540
CVE-2017-1540
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808.
Source: CVE-2017-1540
CVE-2017-1279
CVE-2017-1279
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757.
Source: CVE-2017-1279
CVE-2017-1563
CVE-2017-1563
IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763.
Source: CVE-2017-1563
CVE-2017-1204
CVE-2017-1204
IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740.
Source: CVE-2017-1204
CVE-2017-17976
CVE-2017-17976
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
Source: CVE-2017-17976
CVE-2018-6015
CVE-2018-6015
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.
Source: CVE-2018-6015
CVE-2017-14523
CVE-2017-14523
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages.
Source: CVE-2017-14523
CVE-2017-12380
CVE-2017-12380
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.
Source: CVE-2017-12380
CVE-2017-14522
CVE-2017-14522
In WonderCMS 2.3.1, the application’s input fields accept arbitrary user input resulting in execution of malicious JavaScript.
Source: CVE-2017-14522