Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-04-03 | CVE-2017-7410 | SQL Injection vulnerability in Websitebaker: Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. | 9.8 |
2017-04-03 | CVE-2017-5686 | Incorrect Default Permissions vulnerability in Intel Nuc6I3Syh Bios and Nuc6I3Syk Bios: The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow an attacker with physical access to the system to gain access to personal information. | 3.9 |
2017-04-03 | CVE-2017-5685 | Incorrect Default Permissions vulnerability in Intel Nuc6I7Kyk Bios Kyskli70.86A.0042.2016.0929.1933: The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow an attacker with physical access to the system to gain access to personal information. | 3.9 |
2017-04-03 | CVE-2017-5684 | Incorrect Default Permissions vulnerability in Intel Stk2Mv64Cc Bios Ccsklm5V.86A.0046.2017.0105.1608: The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. | 3.9 |
2017-04-03 | CVE-2017-7407 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl 7.53.1: The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. | 2.4 |
2017-04-03 | CVE-2017-7397 | Resource Exhaustion vulnerability in Backbox Linux 4.6: BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). | 7.5 |
2017-04-03 | CVE-2016-10317 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Ghostscript 9.20: The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc. | 7.8 |
2017-04-03 | CVE-2017-7402 | Code Injection vulnerability in Lucidcrew Pixie 1.04: Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | 9.8 |
2017-04-03 | CVE-2017-5642 | Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2: During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs. | 9.8 |
2017-04-03 | CVE-2014-3930 | Improper Access Control vulnerability in LG Project LG 1.01: lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials. | 7.5 |