NVD: fully analyzed CVE

This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 22 minutes ago
September 21, 2017

CVE-2017-14626 (imagemagick)

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.
September 21, 2017

CVE-2017-14624 (imagemagick)

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.
September 21, 2017

CVE-2017-14625 (imagemagick)

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.
September 20, 2017

CVE-2015-5608 (joomla!)

Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1.
September 20, 2017

CVE-2014-9758 (e-commerce)

Cross-site scripting (XSS) vulnerability in Magento E-Commerce Platform 1.9.0.1.
September 20, 2017

CVE-2017-14607 (imagemagick)

In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
September 20, 2017

CVE-2015-4072 (helpdesk_pro)

Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
September 20, 2017

CVE-2015-4074 (helpdesk_pro)

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
September 20, 2017

CVE-2015-4073 (helpdesk_pro)

Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
September 20, 2017

CVE-2015-4075 (helpdesk_pro)

The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
September 20, 2017

CVE-2017-12168 (linux_kernel)

The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR).
September 19, 2017

CVE-2015-4681 (realpresence_resource_manager)

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
September 19, 2017

CVE-2015-4682 (realpresence_resource_manager)

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
September 19, 2017

CVE-2015-4683 (realpresence_resource_manager)

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
September 19, 2017

CVE-2015-4684 (realpresence_resource_manager)

Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
September 19, 2017

CVE-2015-4685 (realpresence_resource_manager)

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
September 19, 2017

CVE-2015-0689 (cloud_web_security)

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.
September 19, 2017

CVE-2017-14597 (aurora, webmail)

AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
September 19, 2017

CVE-2017-14600 (pragyan_cms)

Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure.
September 19, 2017

CVE-2017-14601 (pragyan_cms)

Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure.