CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In September 2017

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2015-5282 79 XSS 2017-09-25 2017-09-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
1102 CVE-2015-5263 295 2017-09-25 2017-10-05
6.8
None Remote Medium Not required Partial Partial Partial
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
1103 CVE-2015-5248 20 2017-09-20 2017-10-04
4.3
None Remote Medium Not required None Partial None
Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.
1104 CVE-2015-5237 787 Overflow 2017-09-25 2021-09-02
6.5
None Remote Low ??? Partial Partial Partial
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
1105 CVE-2015-5206 2017-09-13 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.
1106 CVE-2015-5186 20 2017-09-06 2017-09-13
5.0
None Remote Low Not required None Partial None
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
1107 CVE-2015-5184 2017-09-25 2021-01-05
5.0
None Remote Low Not required Partial None None
Console: CORS headers set to allow all in Red Hat AMQ.
1108 CVE-2015-5183 2017-09-25 2021-01-05
5.0
None Remote Low Not required Partial None None
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
1109 CVE-2015-5182 352 CSRF 2017-09-25 2021-07-26
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
1110 CVE-2015-5181 79 XSS 2017-09-25 2017-10-06
3.5
None Remote Medium ??? None Partial None
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
1111 CVE-2015-5179 20 2017-09-20 2017-10-03
5.0
None Remote Low Not required None Partial None
FreeIPA might display user data improperly via vectors involving non-printable characters.
1112 CVE-2015-5169 79 XSS 2017-09-25 2018-11-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.
1113 CVE-2015-5168 2017-09-13 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
1114 CVE-2015-5070 200 +Info File Inclusion 2017-09-26 2017-10-10
3.5
None Remote Medium ??? Partial None None
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.
1115 CVE-2015-5069 200 +Info File Inclusion 2017-09-26 2017-10-10
4.0
None Remote Low ??? Partial None None
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
1116 CVE-2015-5060 79 XSS 2017-09-07 2017-09-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev.
1117 CVE-2015-5054 601 2017-09-11 2018-10-09
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
1118 CVE-2015-5052 89 Sql 2017-09-07 2017-09-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
1119 CVE-2015-4724 89 Sql 2017-09-07 2017-09-13
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in Concrete5 5.7.3.1.
1120 CVE-2015-4721 79 XSS 2017-09-07 2021-07-15
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.
1121 CVE-2015-4707 79 XSS 2017-09-20 2019-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.
1122 CVE-2015-4706 79 XSS 2017-09-21 2017-09-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.
1123 CVE-2015-4697 352 CSRF 2017-09-07 2017-09-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Google Analyticator Wordpress Plugin before 6.4.9.3 rev @1183563.
1124 CVE-2015-4689 640 2017-09-11 2019-03-13
5.0
None Remote Low Not required None Partial None
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset."
1125 CVE-2015-4688 200 +Info 2017-09-11 2019-03-13
5.0
None Remote Low Not required Partial None None
Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to enumerate user accounts via a series of requests.
1126 CVE-2015-4687 79 XSS 2017-09-11 2018-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1127 CVE-2015-4685 264 +Priv 2017-09-19 2018-10-09
4.4
None Local Medium Not required Partial Partial Partial
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
1128 CVE-2015-4684 255 Dir. Trav. 2017-09-19 2018-10-09
5.5
None Remote Low ??? Partial Partial None
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote authenticated administrators to upload arbitrary files via the (2) Filename or (3) SE_FNAME parameter to PlcmRmWeb/FileUpload or to read and remove arbitrary files via the (4) filePathName parameter in an importSipUriReservations SOAP request to PlcmRmWeb/JUserManager.
1129 CVE-2015-4683 264 +Priv +Info 2017-09-19 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.
1130 CVE-2015-4682 200 +Info 2017-09-19 2018-10-09
4.0
None Remote Low ??? Partial None None
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
1131 CVE-2015-4681 255 2017-09-19 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
1132 CVE-2015-4669 89 Sql 2017-09-25 2018-10-09
7.2
None Local Low Not required Complete Complete Complete
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
1133 CVE-2015-4668 601 2017-09-25 2018-10-09
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
1134 CVE-2015-4667 798 2017-09-25 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple hardcoded credentials in Xsuite 2.x.
1135 CVE-2015-4629 264 2017-09-07 2017-09-14
7.5
None Remote Low Not required Partial Partial Partial
Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions.
1136 CVE-2015-4627 89 Sql 2017-09-07 2017-09-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Pragyan CMS 3.0.
1137 CVE-2015-4619 352 CSRF 2017-09-07 2017-09-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Spina before commit bfe44f289e336f80b6593032679300c493735e75.
1138 CVE-2015-4523 264 DoS Exec Code Bypass 2017-09-11 2018-10-03
9.0
None Remote Low Not required Partial Partial Complete
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
1139 CVE-2015-4089 352 CSRF 2017-09-19 2019-09-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the optionsPageRequest function in admin.php in WP Fastest Cache plugin before 0.8.3.5 for WordPress allow remote attackers to hijack the authentication of unspecified victims for requests that call the (1) saveOption, (2) deleteCache, (3) deleteCssAndJsCache, or (4) addCacheTimeout method via the wpFastestCachePage parameter in the WpFastestCacheOptions/ page.
1140 CVE-2015-4085 22 Dir. Trav. 2017-09-07 2017-09-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.
1141 CVE-2015-4075 74 2017-09-20 2019-10-16
6.8
None Remote Medium Not required Partial Partial Partial
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
1142 CVE-2015-4074 22 Dir. Trav. 2017-09-20 2017-09-22
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
1143 CVE-2015-4073 89 Exec Code Sql 2017-09-20 2017-09-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
1144 CVE-2015-4072 79 XSS 2017-09-20 2017-09-22
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
1145 CVE-2015-3991 19 DoS Exec Code 2017-09-07 2018-08-13
7.5
None Remote Low Not required Partial Partial Partial
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
1146 CVE-2015-3890 416 2017-09-20 2020-07-31
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in Open Litespeed before 1.3.10.
1147 CVE-2015-3887 426 +Priv 2017-09-21 2017-10-03
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referenced in the LD_PRELOAD path.
1148 CVE-2015-3880 601 2017-09-19 2017-09-27
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.
1149 CVE-2015-3643 264 +Priv 2017-09-28 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
1150 CVE-2015-3454 200 XSS +Info 2017-09-06 2017-09-07
5.0
None Remote Low Not required Partial None None
TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack.
Total number of vulnerabilities: 1228 (page 23 of 25)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.