Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-09 CVE-2017-6572 SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.
network
low complexity
mail-masta-project CWE-89
7.2
7.2
2017-03-09 CVE-2017-6571 SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.
network
low complexity
mail-masta-project CWE-89
7.2
7.2
2017-03-09 CVE-2017-6570 SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.
network
low complexity
mail-masta-project CWE-89
7.2
7.2
2017-03-09 CVE-2017-6562 Cross-site Scripting vulnerability in Agora-Project 3.2.2
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
network
low complexity
agora-project CWE-79
6.1
6.1
2017-03-09 CVE-2017-6561 Cross-site Scripting vulnerability in Agora-Project 3.2.2
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
network
low complexity
agora-project CWE-79
6.1
6.1
2017-03-09 CVE-2017-6560 Cross-site Scripting vulnerability in Agora-Project 3.2.2
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
network
low complexity
agora-project CWE-79
6.1
6.1
2017-03-09 CVE-2017-6559 Cross-site Scripting vulnerability in Agora-Project 3.2.2
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
network
low complexity
agora-project CWE-79
6.1
6.1
2017-03-09 CVE-2017-6558 Use of Hard-coded Credentials vulnerability in Iball Ib-Wra150N Firmware 1.2.6
iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file.
network
low complexity
iball CWE-798
critical
 9.8
9.8
2017-03-09 CVE-2017-6556 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field.
network
low complexity
cmsmadesimple CWE-79
5.4
5.4
2017-03-09 CVE-2017-6555 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description").
network
low complexity
cmsmadesimple CWE-79
5.4
5.4