Security Vulnerabilities - CVEs Published In 2017
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before deleting a file associated with the name parameter. NOTE: the vendor reports that this does not cross a privilege boundary.
CVSS Score
8.1
EPSS Score
0.011
Published
2017-11-17
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-11-17
Codiad (full version) is vulnerable to writing arbitrary content to the configuration file in the installation, resulting in the upload of a webshell.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-11-17
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component, resulting in information disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-11-17
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution).
CVSS Score
9.8
EPSS Score
0.031
Published
2017-11-17
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting, resulting in PHP code injection.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-17
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-17
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-11-17
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can.
CVSS Score
6.1
EPSS Score
0.006
Published
2017-11-17
Stop User Enumeration 1.3.8 allows user enumeration via the REST API.
CVSS Score
5.3
EPSS Score
0.004
Published
2017-11-17

