Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2017-5570 | SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0 An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. | 8.8 |
| 2017-01-23 | CVE-2017-5569 | SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0 An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. | 9.8 |
| 2017-01-23 | CVE-2017-5182 | Information Exposure vulnerability in Novell Open Enterprise Server 11.0/2.0/2015 Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. | 7.5 |
| 2017-01-23 | CVE-2017-5575 | SQL Injection vulnerability in Metalgenix Genixcms SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. | 9.8 |
| 2017-01-23 | CVE-2017-5574 | SQL Injection vulnerability in Metalgenix Genixcms SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. | 9.8 |
| 2017-01-23 | CVE-2017-5563 | Out-of-bounds Read vulnerability in Libtiff 4.0.7 LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | 8.8 |
| 2017-01-23 | CVE-2017-5556 | Out-of-bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. | 8.1 |
| 2017-01-23 | CVE-2017-5554 | Improper Authentication vulnerability in Oneplus Oxygenos 3.2.8/3.5.4 An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. | 8.1 |
| 2017-01-23 | CVE-2017-5553 | Cross-site Scripting vulnerability in B2Evolution Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL. | 5.4 |
| 2017-01-23 | CVE-2017-5544 | Resource Exhaustion vulnerability in Fiberhome Fengine S5800 Firmware V210R240 An issue was discovered on FiberHome Fengine S5800 switches V210R240. | 5.9 |