Security Vulnerabilities - CVEs Published In November 2017
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-11-08
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-11-08
Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2) userid parameter to register.php.
CVSS Score
9.8
EPSS Score
0.024
Published
2017-11-08
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
CVSS Score
8.8
EPSS Score
0.097
Published
2017-11-08
Special crafted InPage document leads to arbitrary code execution in InPage reader.
CVSS Score
7.8
EPSS Score
0.007
Published
2017-11-08
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).
CVSS Score
5.9
EPSS Score
0.005
Published
2017-11-08
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-08
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-11-08
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
CVSS Score
7.2
EPSS Score
0.015
Published
2017-11-08
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
CVSS Score
4.9
EPSS Score
0.002
Published
2017-11-08