Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-04-03 CVE-2017-7410 SQL Injection vulnerability in Websitebaker
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.
network
low complexity
websitebaker CWE-89
critical
9.8
2017-04-03 CVE-2017-5686 Incorrect Default Permissions vulnerability in Intel Nuc6I3Syh Bios and Nuc6I3Syk Bios
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.
low complexity
intel CWE-276
3.9
2017-04-03 CVE-2017-5685 Incorrect Default Permissions vulnerability in Intel Nuc6I7Kyk Bios Kyskli70.86A.0042.2016.0929.1933
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.
low complexity
intel CWE-276
3.9
2017-04-03 CVE-2017-5684 Incorrect Default Permissions vulnerability in Intel Stk2Mv64Cc Bios Ccsklm5V.86A.0046.2017.0105.1608
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.
low complexity
intel CWE-276
3.9
2017-04-03 CVE-2017-7407 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl 7.53.1
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
low complexity
haxx CWE-119
2.4
2017-04-03 CVE-2017-7397 Resource Exhaustion vulnerability in Backbox Linux 4.6
BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7).
network
low complexity
backbox CWE-400
7.5
2017-04-03 CVE-2016-10317 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Ghostscript 9.20
The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex Software, Inc.
local
low complexity
artifex CWE-119
7.8
2017-04-03 CVE-2017-7402 Code Injection vulnerability in Lucidcrew Pixie 1.04
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
network
low complexity
lucidcrew CWE-94
critical
9.8
2017-04-03 CVE-2017-5642 Incorrect Default Permissions vulnerability in Apache Ambari 2.4.0/2.4.1/2.4.2
During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.
network
low complexity
apache CWE-276
critical
9.8
2017-04-03 CVE-2014-3930 Improper Access Control vulnerability in LG Project LG 1.01
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
network
low complexity
lg-project CWE-284
7.5