Security Vulnerabilities - CVEs Published In August 2017
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2017-08-24
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2017-08-24
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2017-08-24
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-08-24
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
CVSS Score: 6.5 | EPSS Score: 0.004 | Published: 2017-08-24
The MultiPathResource class in Atlassian Fisheye and Crucible before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
CVSS Score: 7.5 | EPSS Score: 0.009 | Published: 2017-08-24
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-08-24
SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered parameter to staffbox.php.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2017-08-24
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the review filter title parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2017-08-24
Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the name of a repository or review file.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2017-08-24

