Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-4010 | Injection vulnerability in Magento Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. | 9.8 |
| 2017-01-23 | CVE-2016-3177 | Use After Free vulnerability in Giflib Project Giflib 5.1.2 Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | 9.8 |
| 2017-01-23 | CVE-2016-3147 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti Landesk Management Suite 10.0.0.271/9.60.0.244 Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. | 9.8 |
| 2017-01-23 | CVE-2016-2783 | Data Processing Errors vulnerability in Avaya VSP Operating System Software 4.2.2.0/5.0.0.0 Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames. | 9.8 |
| 2017-01-23 | CVE-2016-2242 | Code Injection vulnerability in Exponentcms Exponent CMS Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php. | 9.8 |
| 2017-01-23 | CVE-2016-1925 | Integer Underflow (Wrap or Wraparound) vulnerability in LHA for Unix Project LHA for Unix Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow. | 9.8 |
| 2017-01-23 | CVE-2016-1417 | Untrusted Search Path vulnerability in Snort 2.9.7.0 Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed. | 8.8 |
| 2017-01-23 | CVE-2016-1281 | Untrusted Search Path vulnerability in Idrix Truecrypt and Veracrypt Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs. | 7.8 |
| 2017-01-23 | CVE-2016-0769 | SQL Injection vulnerability in Elfden Eshop Plugin 6.3.14 Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. | 8.8 |
| 2017-01-23 | CVE-2016-0765 | Cross-site Scripting vulnerability in Elfden Eshop Plugin 6.3.14 Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter. | 6.1 |