Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-03-15 CVE-2015-8894 Double Free vulnerability in Imagemagick
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file.
local
low complexity
imagemagick CWE-415
5.5
2017-03-15 CVE-2017-6918 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.2.16
CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page.
network
low complexity
bigtreecms CWE-352
4.3
2017-03-15 CVE-2017-6917 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.2.16
CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page.
network
low complexity
bigtreecms CWE-352
4.3
2017-03-15 CVE-2017-6916 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8
CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page.
network
low complexity
bigtreecms CWE-352
4.3
2017-03-15 CVE-2017-6915 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8
CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page.
network
low complexity
bigtreecms CWE-352
4.3
2017-03-15 CVE-2017-6914 Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8/4.2.16
CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page.
network
low complexity
bigtreecms CWE-352
7.1
2017-03-15 CVE-2017-5522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.
network
low complexity
debian osgeo CWE-119
critical
9.8
2017-03-15 CVE-2016-7955 Permissions, Privileges, and Access Controls vulnerability in Alienvault Ossim and Unified Security Management
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
network
low complexity
alienvault CWE-264
critical
9.8
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
6.1
2017-03-15 CVE-2017-6443 Cross-site Scripting vulnerability in Epson Tmnet Webconfig 1.00
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
network
low complexity
epson CWE-79
6.1