Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-15 | CVE-2015-8894 | Double Free vulnerability in Imagemagick Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | 5.5 |
| 2017-03-15 | CVE-2017-6918 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.2.16 CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. | 4.3 |
| 2017-03-15 | CVE-2017-6917 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.2.16 CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. | 4.3 |
| 2017-03-15 | CVE-2017-6916 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8 CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. | 4.3 |
| 2017-03-15 | CVE-2017-6915 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8 CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. | 4.3 |
| 2017-03-15 | CVE-2017-6914 | Cross-Site Request Forgery (CSRF) vulnerability in Bigtreecms Bigtree CMS 4.1.8/4.2.16 CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to the admin/ajax/users/delete/ page. | 7.1 |
| 2017-03-15 | CVE-2017-5522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests. | 9.8 |
| 2017-03-15 | CVE-2016-7955 | Permissions, Privileges, and Access Controls vulnerability in Alienvault Ossim and Unified Security Management The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header. | 9.8 |
| 2017-03-15 | CVE-2016-7103 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | 6.1 |
| 2017-03-15 | CVE-2017-6443 | Cross-site Scripting vulnerability in Epson Tmnet Webconfig 1.00 Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. | 6.1 |