Security Vulnerabilities - CVEs Published In March 2018
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. A successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
CVSS Score: 9.8 | EPSS Score: 0.334 | Published: 2018-03-14
A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component.
CVSS Score: 3.5 | EPSS Score: 0.001 | Published: 2018-03-14
A cross-site scripting vulnerability exists in the Administration Console in NetIQ Access Manager (NAM) 4.3 and 4.4.
CVSS Score: 3.5 | EPSS Score: 0.002 | Published: 2018-03-14
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
CVSS Score: 9.8 | EPSS Score: 0.179 | Published: 2018-03-14
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser.
CVSS Score: 6.1 | EPSS Score: 0.721 | Published: 2018-03-14
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server.
CVSS Score: 8.1 | EPSS Score: 0.914 | Published: 2018-03-14
Pradeep Makone WordPress Support Plus Responsive Ticket System version 9.0.2 and earlier contains a SQL Injection vulnerability in the function to get tickets, the parameter email in cookie was injected that can result in filter the parameter. This attack appears to be exploitable via web site, without login. This vulnerability appears to have been fixed in 9.0.3 and later.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2018-03-14
Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1.
CVSS Score: 9.1 | EPSS Score: 0.003 | Published: 2018-03-14
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2018-03-14
A remote code execution issue was discovered in AlienVault USM and OSSIM before 5.5.1.
CVSS Score: 9.8 | EPSS Score: 0.025 | Published: 2018-03-14

