CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In August 2017

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.

1351 | CVE-2015-6816 | 287 | | Bypass | 2017-08-09 | 2017-08-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
  ganglia-web before 3.7.1 allows remote attackers to bypass authentication.
1352 | CVE-2015-6588 | 79 | | XSS | 2017-08-29 | 2017-09-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
  Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.
1353 | CVE-2015-6498 | 254 | | | 2017-08-09 | 2017-08-25 | 5.0 | None | Remote | Low | Not required | None | Partial | None
  Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices.
1354 | CVE-2015-6473 | 254 | | | 2017-08-22 | 2017-08-26 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
  WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
1355 | CVE-2015-6472 | 255 | | | 2017-08-22 | 2021-07-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None
  WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
1356 | CVE-2015-5958 | 78 | | Exec Code | 2017-08-31 | 2020-06-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
  phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.
1357 | CVE-2015-5946 | 184 | | Exec Code | 2017-08-07 | 2017-08-15 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
  Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
1358 | CVE-2015-5701 | 59 | | | 2017-08-25 | 2017-09-12 | 5.6 | None | Local | Low | Not required | Partial | Complete | None
  mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
1359 | CVE-2015-5700 | 59 | | | 2017-08-25 | 2018-10-12 | 5.6 | None | Local | Low | Not required | Partial | Complete | None
  mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.
1360 | CVE-2015-5695 | 400 | | DoS | 2017-08-31 | 2017-09-12 | 4.0 | None | Remote | Low | ??? | None | None | Partial
  Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
1361 | CVE-2015-5619 | 295 | | +Info | 2017-08-09 | 2019-06-17 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
  Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
1362 | CVE-2015-5293 | 284 | | | 2017-08-24 | 2017-09-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
  Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.
1363 | CVE-2015-5258 | 352 | | CSRF | 2017-08-22 | 2021-06-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
  Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
1364 | CVE-2015-5244 | 264 | | Bypass | 2017-08-07 | 2017-08-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
  The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
1365 | CVE-2015-5224 | | | | 2017-08-23 | 2020-09-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
  The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.
1366 | CVE-2015-5209 | 20 | | | 2017-08-29 | 2018-07-01 | 5.0 | None | Remote | Low | Not required | None | Partial | None
  Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.
1367 | CVE-2015-5203 | 415 | | DoS | 2017-08-02 | 2018-11-22 | 4.3 | None | Remote | Medium | Not required | None | None | Partial
  Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
1368 | CVE-2015-5153 | 275 | | +Priv | 2017-08-18 | 2017-08-24 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
  Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name.
1369 | CVE-2015-5146 | 20 | | DoS | 2017-08-24 | 2018-08-02 | 3.5 | None | Remote | Medium | ??? | None | None | Partial
  ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
1370 | CVE-2015-5081 | 352 | | CSRF | 2017-08-18 | 2017-08-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
  Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
1371 | CVE-2015-5059 | 200 | | +Info | 2017-08-01 | 2017-08-07 | 3.5 | None | Remote | Medium | ??? | Partial | None | None
  The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
1372 | CVE-2015-5057 | 79 | | XSS | 2017-08-18 | 2020-03-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
  Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
1373 | CVE-2015-4699 | 79 | | XSS | 2017-08-24 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
  Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.
1374 | CVE-2015-4649 | 284 | | +Priv | 2017-08-29 | 2017-09-01 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
  Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
1375 | CVE-2015-4464 | 287 | | | 2017-08-18 | 2018-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
  Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server.
1376 | CVE-2015-4181 | 22 | | Dir. Trav. | 2017-08-25 | 2017-08-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None
  Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.
1377 | CVE-2015-4180 | 22 | | Dir. Trav. | 2017-08-25 | 2017-08-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None
  Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.
1378 | CVE-2015-4165 | 264 | | Exec Code | 2017-08-09 | 2018-10-09 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
  The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
1379 | CVE-2015-4082 | 264 | | +Info | 2017-08-18 | 2017-08-25 | 4.0 | None | Remote | Low | ??? | Partial | None | None
  attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".
1380 | CVE-2015-4071 | 200 | | +Info | 2017-08-18 | 2017-10-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None
  The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
1381 | CVE-2015-4017 | 295 | | | 2017-08-25 | 2018-08-13 | 5.0 | None | Remote | Low | Not required | None | Partial | None
  Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
1382 | CVE-2015-3976 | 79 | | XSS | 2017-08-28 | 2017-09-06 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
  Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
1383 | CVE-2015-3839 | 476 | | DoS | 2017-08-07 | 2017-08-09 | 2.1 | None | Local | Low | Not required | None | None | Partial
  The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
1384 | CVE-2015-3657 | 284 | | +Priv | 2017-08-29 | 2017-09-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
  Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors.
1385 | CVE-2015-3656 | 285 | | +Priv | 2017-08-29 | 2017-09-07 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial
  Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.
1386 | CVE-2015-3655 | 352 | | CSRF | 2017-08-29 | 2020-10-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
  Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to hijack the authentication of administrators by leveraging improper enforcement of the anti-CSRF token.
1387 | CVE-2015-3654 | 284 | | +Priv | 2017-08-29 | 2017-09-07 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
  Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
1388 | CVE-2015-3653 | 284 | | DoS +Priv | 2017-08-29 | 2017-09-06 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete
  Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.
1389 | CVE-2015-3649 | 20 | | Exec Code | 2017-08-18 | 2020-04-22 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
  The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created.
1390 | CVE-2015-3642 | 200 | | +Info | 2017-08-02 | 2017-08-09 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
  The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
1391 | CVE-2015-3617 | 264 | | +Priv | 2017-08-22 | 2017-08-29 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
  Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
1392 | CVE-2015-3616 | 89 | | Exec Code Sql | 2017-08-11 | 2017-08-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
  SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
1393 | CVE-2015-3615 | 79 | | XSS | 2017-08-11 | 2017-08-26 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
  Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
1394 | CVE-2015-3614 | 200 | | +Info | 2017-08-11 | 2017-08-26 | 5.0 | None | Remote | Low | Not required | Partial | None | None
  Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
1395 | CVE-2015-3405 | 331 | | | 2017-08-09 | 2020-05-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None
  ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
1396 | CVE-2015-3277 | 200 | | +Info | 2017-08-09 | 2017-08-21 | 5.0 | None | Remote | Low | Not required | Partial | None | None
  The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.
1397 | CVE-2015-3257 | 79 | | XSS | 2017-08-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
  Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote attackers to perform cross-site scripting (XSS) or open redirect attacks.
1398 | CVE-2015-3211 | 59 | | | 2017-08-25 | 2017-09-06 | 2.1 | None | Local | Low | Not required | None | Partial | None
  php-fpm allows local users to write to or create arbitrary files via a symlink attack.
1399 | CVE-2015-3206 | 287 | | DoS | 2017-08-25 | 2018-12-20 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
  The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack.
1400 | CVE-2015-3156 | 59 | | | 2017-08-11 | 2017-08-25 | 2.1 | None | Local | Low | Not required | None | Partial | None
  The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.
Total number of vulnerabilities: 1542 (page 28 of 31)