Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-03 | CVE-2015-8815 | Cross-site Scripting vulnerability in Umbraco Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page. | 6.1 |
| 2017-03-03 | CVE-2015-8814 | Cross-Site Request Forgery (CSRF) vulnerability in Umbraco 7.3.8 Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file. | 8.8 |
| 2017-03-03 | CVE-2015-8813 | Server-Side Request Forgery (SSRF) vulnerability in Umbraco The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | 8.2 |
| 2017-03-03 | CVE-2017-5867 | Resource Exhaustion vulnerability in Owncloud ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file. | 6.5 |
| 2017-03-03 | CVE-2017-5866 | Information Exposure vulnerability in Owncloud The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors. | 4.3 |
| 2017-03-03 | CVE-2017-5865 | Information Exposure vulnerability in Owncloud The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts. | 3.7 |
| 2017-03-03 | CVE-2017-5836 | Double Free vulnerability in Libimobiledevice Libplist The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | 7.5 |
| 2017-03-03 | CVE-2017-5835 | Allocation of Resources Without Limits or Throttling vulnerability in Libimobiledevice Libplist libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero. | 7.5 |
| 2017-03-03 | CVE-2017-5834 | Out-of-bounds Read vulnerability in Libimobiledevice Libplist The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file. | 5.5 |
| 2017-03-03 | CVE-2017-5833 | Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |