CVE-2017-6369
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so...
CVE-2017-6971
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862...
CVE-2017-5930
The CVE-2017-5930 issue affects PostfixAdmin's AliasHandler. The AliasHandler component before 3.0.2 permits remote authenticated domain admins to delete protected aliases via delete.php due to a missing permission check, enabling unintended alias deletion. Public sources confirm the fix is to up...
rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin
A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large...
SQL injection
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows remote authenticated users to obtain product information via a crafted HTTP request parameter...
CVE-2015-4407
CVE-2015-4407 affects Hikvision NVR models DS-76xxNI-E1/2 and DS-77xxxNI-E4. A buffer overflow in handling PSIA-enabled HTTP requests allows remote authenticated users to trigger a denial of service (service interruption). The vulnerability exists in devices prior to version 3.4.0; upgrading to 3...
CVE-2017-6823
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action...
Design/Logic Flaw
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL...
Design/Logic Flaw
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the ownerrights ACL entry...
PYSEC-2017-57
Chameleon five.pt in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates...
CVE-2016-6189
CVE-2016-6189 affects SOGo before 2.3.12 and 3.x before 3.1.1. An incomplete blacklist allows remote authenticated users to read sensitive fields in calendar feeds (ICS and XML), exposing calendar data. Impacts are limited to reading potentially sensitive information; no exploitation details are ...
PT-2017-8927 · Inverse · Sogo
Name of the Vulnerable Software and Affected Versions: SOGo versions prior to 2.3.12; SOGo versions 3.x prior to 3.1.1. Description: The issue allows remote authenticated users to obtain sensitive information by reading specific fields in calendar feeds. This is due to an incomplete blacklist...
OpenText Documentum Content Server 7.3 SQL Injection
CVE Identifier: CVE-2017-5585. Vendor: OpenText. Affected products: OpenText Documentum Content Server 7.3 (PostgreSQL builds only). Researcher: Andrey B. Panfilov. Severity Rating: CVSS v3 Base Score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Fix: not available. Description: Previously announced fix for...
Advantech WebAccess < 6.0-2008.06.06 Remote Authentication Bypass
Binary data 9951.prm...
CVE-2016-3063
NetApp OnCommand System Manager contains an input-escaping flaw that affects versions before 8.3.2. Due to improper escaping of special characters, remote authenticated users can trigger arbitrary API calls via unspecified vectors. Impact is the ability to perform unintended API operations, with ...
CVE-2015-8322
CVE-2015-8322 affects NetApp OnCommand System Manager 8.3.x prior to 8.3.2. The vulnerability allows remote authenticated users to execute arbitrary code via unspecified vectors. The connected documents do not specify the exact root cause, attack vectors, exploitation details, or affected subvers...
CVE-2016-3063
Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors...
CVE-2015-4049
Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON level 5 based codefiles at...
CVE-2016-8918
IBM Integration Bus, under non-default configurations, could allow a remote user to authenticate without providing valid credentials...