Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-0769 | SQL Injection vulnerability in Elfden Eshop Plugin 6.3.14 Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. | 8.8 |
| 2017-01-23 | CVE-2016-0765 | Cross-site Scripting vulnerability in Elfden Eshop Plugin 6.3.14 Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter. | 6.1 |
| 2017-01-23 | CVE-2015-8972 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Chess Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode. | 9.8 |
| 2017-01-23 | CVE-2015-8971 | Command Injection vulnerability in multiple products Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | 7.8 |
| 2017-01-23 | CVE-2015-8862 | Cross-site Scripting vulnerability in Mustache.Js Project Mustache.Js mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | 6.1 |
| 2017-01-23 | CVE-2015-8861 | Cross-site Scripting vulnerability in Handlebars.Js Project Handlebars.Js The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | 6.1 |
| 2017-01-23 | CVE-2015-8860 | Link Following vulnerability in Nodejs Node.Js The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | 7.5 |
| 2017-01-23 | CVE-2015-8859 | Unspecified vulnerability in Send Project Send The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | 5.3 |
| 2017-01-23 | CVE-2015-8858 | Resource Management Errors vulnerability in Uglifyjs Project Uglifyjs The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." | 7.5 |
| 2017-01-23 | CVE-2015-8857 | 7PK - Security Features vulnerability in Uglifyjs Project Uglifyjs The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. | 9.8 |