Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-02 | CVE-2017-9378 | Incorrect Authorization vulnerability in Bigtreecms Bigtree CMS BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. | 6.5 |
| 2017-06-02 | CVE-2017-9372 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Digium Certified Asterisk and Open Source PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | 7.5 |
| 2017-06-02 | CVE-2017-6039 | Use of Hard-coded Credentials vulnerability in Phoenixbroadband Poweragent SC3 BMS Firmware 6.86 A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. | 5.3 |
| 2017-06-02 | CVE-2017-9366 | Cross-site Scripting vulnerability in Epesi Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 4.8 |
| 2017-06-02 | CVE-2017-9365 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. | 8.8 |
| 2017-06-02 | CVE-2017-9364 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigtreecms Bigtree CMS Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. | 9.8 |
| 2017-06-02 | CVE-2017-9363 | Deserialization of Untrusted Data vulnerability in Soffid IAM 1.7.4 Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request. | 9.8 |
| 2017-06-02 | CVE-2017-9361 | Cross-site Scripting vulnerability in Websitebaker 2.10.0 WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | 6.1 |
| 2017-06-02 | CVE-2017-9360 | SQL Injection vulnerability in Websitebaker 2.10.0 WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. | 9.8 |
| 2017-06-02 | CVE-2017-9359 | Out-of-bounds Read vulnerability in Digium Certified Asterisk and Open Source The multi-part body parser in PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet. | 7.5 |