Search
Total
17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3184 | 1 Acti | 1 Camera Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x.x.x/setup/setup_maintain_firmware-default.html page. This will allow an attacker to perform a factory reset on the device, leading to a denial of service condition or the ability to make use of default credentials (CVE-2017-3186). | |||||
| CVE-2017-3181 | 1 Tibco | 7 Spotfire Analyst, Spotfire Client, Spotfire Connectors and 4 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client | |||||
| CVE-2017-3197 | 1 Gigabyte | 4 Gb-bsi7h-6500, Gb-bsi7h-6500 Firmware, Gb-bxi7-5775 and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash. | |||||
| CVE-2017-3202 | 1 Exadel | 1 Flamingo | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this vulnerability depends on the availability of classes in the class path that make use of deserialization. A remote attacker with the ability to spoof or control information may be able to send serialized Java objects with pre-set properties that result in arbitrary code execution when deserialized. | |||||
| CVE-2017-3198 | 1 Gigabyte | 4 Gb-bsi7h-6500, Gb-bsi7h-6500 Firmware, Gb-bxi7-5775 and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected. | |||||
| CVE-2017-3206 | 1 Exadel | 1 Flamingo | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery. | |||||
| CVE-2017-3207 | 1 Themidnightcoders | 1 Weborb For Java | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Java implementations of AMF3 deserializers in WebORB for Java by Midnight Coders, version 5.1.1.0, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized. | |||||
| CVE-2017-3962 | 1 Mcafee | 1 Network Security Manager | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes. | |||||
| CVE-2017-3791 | 1 Cisco | 1 Cisco Prime Home | 2019-10-09 | 10.0 HIGH | 10.0 CRITICAL |
| A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837. | |||||
| CVE-2017-3936 | 1 Mcafee | 1 Epolicy Orchestrator | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output. | |||||
| CVE-2017-3968 | 1 Mcafee | 2 Network Data Loss Prevention, Network Security Manager | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Session fixation vulnerability in the web interface in McAfee Network Security Manager (NSM) before 8.2.7.42.2 and McAfee Network Data Loss Prevention (NDLP) before 9.3.4.1.5 allows remote attackers to disclose sensitive information or manipulate the database via a crafted authentication cookie. | |||||
| CVE-2017-1789 | 1 Ibm | 1 Tivoli Monitoring | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034. | |||||
| CVE-2017-2345 | 1 Juniper | 1 Junos | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected. | |||||
| CVE-2017-2343 | 1 Juniper | 14 Junos, Srx100, Srx110 and 11 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of "Status: Connected" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue. | |||||
| CVE-2017-2589 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2019-10-09 | 6.0 MEDIUM | 9.0 CRITICAL |
| It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | |||||
| CVE-2017-2628 | 2 Haxx, Redhat | 4 Curl, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. | |||||
| CVE-2017-16597 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of WRQ requests. When parsing the Filename field, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of Administrator. Was ZDI-CAN-5137. | |||||
| CVE-2017-17658 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobDefinitions Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4316. | |||||
| CVE-2017-17654 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4287. | |||||
| CVE-2017-16726 | 1 Beckhoff | 1 Twincat | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Beckhoff TwinCAT supports communication over ADS. ADS is a protocol for industrial automation in protected environments. ADS has not been designed to achieve security purposes and therefore does not include any encryption algorithms because of their negative effect on performance and throughput. An attacker can forge arbitrary ADS packets when legitimate ADS traffic is observable. | |||||
| CVE-2017-17657 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4294. | |||||
| CVE-2017-17419 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4230. | |||||
| CVE-2017-16727 | 1 Moxa | 4 Nport W2150a, Nport W2150a Firmware, Nport W2250a and 1 more | 2019-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and NPort W2250A versions prior to 1.11. The default password is empty on the device. An unauthorized user can access the device without a password. An unauthorized user has the ability to completely compromise the confidentiality and integrity of the wireless traffic. | |||||
| CVE-2017-16724 | 1 Advantech | 1 Webaccess | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. | |||||
| CVE-2017-17412 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute arbitrary code in the context of the underlying database. Was ZDI-CAN-4223. | |||||
| CVE-2017-16720 | 1 Advantech | 1 Webaccess | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A Path Traversal issue was discovered in WebAccess versions 8.3.2 and earlier. An attacker has access to files within the directory structure of the target device. | |||||
| CVE-2017-17406 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within an exposed RMI registry, which listens on TCP ports 1800 and 1850 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process. Was ZDI-CAN-4753. | |||||
| CVE-2017-17416 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4227. | |||||
| CVE-2017-17659 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4906. | |||||
| CVE-2017-17407 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content parameter provided to the script_test.jsp endpoint. A crafted content request parameter can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code under the context of the web service. Was ZDI-CAN-5080. | |||||
| CVE-2017-17414 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225. | |||||
| CVE-2017-18378 | 1 Netgear | 2 Readynas Surveillance, Readynas Surveillance Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution. | |||||
| CVE-2017-17656 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup JobList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4292. | |||||
| CVE-2017-17652 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4238. | |||||
| CVE-2017-17653 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupOptionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4286. | |||||
| CVE-2017-16714 | 1 Iceqube | 2 Thermal Management Center, Thermal Management Center Firmware | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Ice Qube Thermal Management Center versions prior to version 4.13, passwords are stored in plaintext in a file that is accessible without authentication. | |||||
| CVE-2017-17415 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Count method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4226. | |||||
| CVE-2017-17418 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4229. | |||||
| CVE-2017-17420 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4231. | |||||
| CVE-2017-17421 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4232. | |||||
| CVE-2017-17422 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4233. | |||||
| CVE-2017-17423 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSegment Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4234. | |||||
| CVE-2017-17424 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUScheduleSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4235. | |||||
| CVE-2017-17425 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4237. | |||||
| CVE-2017-17655 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup PluginList method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4289. | |||||
| CVE-2017-17417 | 1 Quest | 1 Netvault Backup | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228. | |||||
| CVE-2017-16608 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4749. | |||||
| CVE-2017-16610 | 1 Netgain-systems | 1 Enterprise Manager | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within upload_save_do.jsp. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code under the context of the current user. Was ZDI-CAN-4751. | |||||
| CVE-2017-16082 | 1 Node-postgres | 1 Pg | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious. | |||||
| CVE-2017-15118 | 3 Canonical, Qemu, Redhat | 3 Ubuntu Linux, Qemu, Enterprise Linux | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. | |||||