Vulnerabilities > Exposure of Resource to Wrong Sphere

| Date | CVE | Vulnerability title | Description | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|
| 2017-11-08 | CVE-2017-16660 | Exposure of Resource to Wrong Sphere vulnerability in Cacti 1.1.27 | Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header. | cacti | CWE-668 | network, low complexity, critical, 9.0 |
| 2017-10-18 | CVE-2017-15592 | Exposure of Resource to Wrong Sphere vulnerability in XEN | An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. | xen | CWE-668 | local, low complexity, 7.2 |
| 2017-09-13 | CVE-2017-12249 | Exposure of Resource to Wrong Sphere vulnerability in Cisco Meeting Server | A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. | cisco | CWE-668 | network, low complexity, critical, 9.0 |
| 2017-08-08 | CVE-2017-6872 | Exposure of Resource to Wrong Sphere vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware | A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. | siemens | CWE-668 | network, low complexity, 6.4 |
| 2017-08-03 | CVE-2017-11382 | Exposure of Resource to Wrong Sphere vulnerability in Trendmicro Deep Discovery Email Inspector 2.5.1 | Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. | trendmicro | CWE-668 | network, low complexity, 6.4 |
| 2017-06-15 | CVE-2017-0215 | Exposure of Resource to Wrong Sphere vulnerability in Microsoft Windows 10 and Windows Server 2016 | Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | microsoft | CWE-668 | local, low complexity, 4.6 |
| 2017-05-15 | CVE-2017-7490 | Exposure of Resource to Wrong Sphere vulnerability in Moodle | In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | moodle | CWE-668 | network, low complexity, 5.0 |
| 2017-05-02 | CVE-2017-8418 | Exposure of Resource to Wrong Sphere vulnerability in Rubocop Project Rubocop | RuboCop 0.48.1 and earlier does not use /tmp in a safe way, allowing local users to exploit this to tamper with cache files belonging to other users. | rubocop-project | CWE-668 | local, low complexity, 2.1 |
| 2017-04-17 | CVE-2017-5648 | Exposure of Resource to Wrong Sphere vulnerability in Apache Tomcat | While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. | apache | CWE-668 | network, low complexity, critical, 9.1 |
| 2017-02-23 | CVE-2017-6100 | Exposure of Resource to Wrong Sphere vulnerability in Tcpdf Project Tcpdf | tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | tcpdf-project | CWE-668 | network, low complexity, 5.0 |