Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-21 | CVE-2017-6096 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 7.2 |
| 2017-02-21 | CVE-2017-6095 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 9.8 |
| 2017-02-21 | CVE-2017-6078 | Improper Input Validation vulnerability in Faststone Maxview 3.0/3.1 FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section. | 5.5 |
| 2017-02-21 | CVE-2017-6072 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin. | 5.3 |
| 2017-02-21 | CVE-2017-6071 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml. | 5.3 |
| 2017-02-21 | CVE-2017-6070 | Information Exposure vulnerability in Cmsmadesimple CMS Made Simple and Form Builder CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form. | 9.8 |
| 2017-02-21 | CVE-2017-5959 | Cross-Site Request Forgery (CSRF) vulnerability in Metalgenix Genixcms CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. | 9.8 |
| 2017-02-21 | CVE-2017-5881 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gomlab GOM Player 2.3.10.5266 GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file. | 7.8 |
| 2017-02-21 | CVE-2016-9316 | Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. | 5.4 |
| 2017-02-21 | CVE-2016-9315 | Permissions, Privileges, and Access Controls vulnerability in Trendmicro Interscan web Security Virtual Appliance Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. | 8.8 |