Exploit Intelligence Platform

CVE-2017-1223 6.1 MEDIUM EPSS 0.00

IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123902.

CWE-601 Jul 19, 2017

CVE-2017-1219 6.5 MEDIUM EPSS 0.01

IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.

CWE-611 Jul 19, 2017

CVE-2017-1203 6.1 MEDIUM EPSS 0.00

IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123678.

CWE-79 Jul 19, 2017

CVE-2016-6018 4.3 MEDIUM EPSS 0.00

IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.

CWE-200 Jul 19, 2017

CVE-2016-5394 6.1 MEDIUM 2 PoCs Analysis EPSS 0.01

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.

CWE-79 Jul 19, 2017

CVE-2016-7509 5.4 MEDIUM EPSS 0.00

Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.

CWE-79 Jul 19, 2017

CVE-2017-9764 6.1 MEDIUM 1 Writeup EPSS 0.00

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.

CWE-79 Jul 19, 2017

CVE-2017-11448 6.5 MEDIUM 1 Writeup EPSS 0.01

The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

CWE-200 Jul 19, 2017

CVE-2017-11447 6.5 MEDIUM 1 Writeup EPSS 0.01

The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick before 7.0.6-1 has memory leaks, causing denial of service.

CWE-772 Jul 19, 2017

CVE-2017-11446 6.5 MEDIUM EPSS 0.00

The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.

CWE-835 Jul 19, 2017

CVE-2017-11441 5.4 MEDIUM EPSS 0.00

The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.

CWE-79 Jul 19, 2017

CVE-2017-11440 4.9 MEDIUM EPSS 0.01

In Sitecore 8.2, there is absolute path traversal via the shell/Applications/Layouts/IDE.aspx fi parameter and the admin/LinqScratchPad.aspx Reference parameter.

CWE-22 Jul 19, 2017

CVE-2017-11439 5.4 MEDIUM EPSS 0.00

In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.

CWE-79 Jul 19, 2017

CVE-2017-10801 6.1 MEDIUM EPSS 0.00

phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI.

CWE-79 Jul 19, 2017

CVE-2017-11423 5.5 MEDIUM 1 Writeup EPSS 0.03

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.

CWE-125 Jul 18, 2017

CVE-2017-5247 5.4 MEDIUM EPSS 0.00

Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting script will evaluated by any other authenticated user who views the attacker-supplied file name. All versions of SFT prior to 5.1.1028 are affected. The fix version is 5.1.1028.

CWE-79 Jul 18, 2017

CVE-2017-5246 4.3 MEDIUM EPSS 0.00

Biscom Secure File Transfer is vulnerable to AngularJS expression injection in the Display Name field. An authenticated user can populate this field with a valid AngularJS expression, wrapped in double curly-braces ({{ }}). This expression will be evaluated by any other authenticated user who views the attacker's display name. Affected versions are 5.0.0000 through 5.1.1026. The Issue is fixed in 5.1.1028.

CWE-74 Jul 18, 2017

CVE-2017-10962 6.1 MEDIUM EPSS 0.00

REDCap before 7.5.1 has XSS via the query string.

CWE-79 Jul 18, 2017

CVE-2017-11405 4.9 MEDIUM EPSS 0.00

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file.

CWE-434 Jul 18, 2017

CVE-2017-11404 4.9 MEDIUM EPSS 0.00

In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.

CWE-434 Jul 18, 2017