CVEs from 2017
- Total 11,979
- critical 1,647
- high 5,043
- medium 4,165
- low 159
- % Critical 13.7%
- % with KEV 0.7%
- % with exploit 0.7%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 490
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2017-7494 | high | — | 9.5 | 3y ago | Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it. | |
| CVE-2017-8291 | high | — | 9.5 | 4y ago | Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile. | |
| CVE-2017-16651 | high | — | 9.5 | 5y ago | Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the … | |
| CVE-2017-5149 | high | 8.9 | 8.9 | 9y ago | An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). Th… | |
| CVE-2017-17095 | high | 8.8 | 8.8 | 3y ago | Moderate: libtiff security update | |
| CVE-2017-6952 | high | 8.8 | 8.8 | 4y ago | Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or p… | |
| CVE-2017-17516 | high | 8.8 | 8.8 | 4y ago | scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote att… | |
| CVE-2017-10784 | high | 8.8 | 8.8 | 4y ago | WEBrick RCE Vulnerability | |
| CVE-2017-14683 | high | 8.8 | 8.8 | 4y ago | Gem in a Box vulnerable to Cross-site Request Forgery | |
| CVE-2017-12864 | high | 8.8 | 8.8 | 5y ago | In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not check the input length, which leads to integer overflow. If the image is from remote, may lead to remote code execution or… | |
| CVE-2017-12862 | high | 8.8 | 8.8 | 5y ago | In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is smaller than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code … | |
| CVE-2017-12603 | high | 8.8 | 8.8 | 5y ago | OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::i… | |
| CVE-2017-12598 | high | 8.8 | 8.8 | 5y ago | OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by … | |
| CVE-2017-7235 | high | 8.8 | 8.8 | 8y ago | An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. … | |
| CVE-2017-17990 | high | 8.8 | 8.8 | 9y ago | Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action. | |
| CVE-2017-17983 | high | 8.8 | 8.8 | 9y ago | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | |
| CVE-2017-17973 | high | 8.8 | 8.8 | 9y ago | In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue | |
| CVE-2017-17960 | high | 8.8 | 8.8 | 9y ago | PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via admin/sellerupd.php. | |
| CVE-2017-17950 | high | 8.8 | 8.8 | 9y ago | Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | |
| CVE-2017-17942 | high | 8.8 | 8.8 | 9y ago | In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. | |
| CVE-2017-17939 | high | 8.8 | 8.8 | 9y ago | PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php. | |
| CVE-2017-17936 | high | 8.8 | 8.8 | 9y ago | Vanguard Marketplace Digital Products PHP has CSRF via /search. | |
| CVE-2017-7160 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |
| CVE-2017-7157 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |
| CVE-2017-7156 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |
| CVE-2017-17930 | high | 8.8 | 8.8 | 9y ago | PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel. | |
| CVE-2017-17915 | high | 8.8 | 8.8 | 9y ago | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | |
| CVE-2017-17913 | high | 8.8 | 8.8 | 9y ago | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use … | |
| CVE-2017-17912 | high | 8.8 | 8.8 | 9y ago | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | |
| CVE-2017-17908 | high | 8.8 | 8.8 | 9y ago | PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | |
| CVE-2017-17905 | high | 8.8 | 8.8 | 9y ago | PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | |
| CVE-2017-17903 | high | 8.8 | 8.8 | 9y ago | FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | |
| CVE-2017-17894 | high | 8.8 | 8.8 | 9y ago | Readymade Job Site Script has CSRF via the /job URI. | |
| CVE-2017-17891 | high | 8.8 | 8.8 | 9y ago | Readymade Video Sharing Script has CSRF via user-profile-edit.php. | |
| CVE-2017-17888 | high | 8.8 | 8.8 | 9y ago | cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter… | |
| CVE-2017-17880 | high | 8.8 | 8.8 | 9y ago | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check. | |
| CVE-2017-17879 | high | 8.8 | 8.8 | 9y ago | In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. | |
| CVE-2017-17874 | high | 8.8 | 8.8 | 9y ago | Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under a uploads/ URI. | |
| CVE-2017-12736 | high | 8.8 | 8.8 | 9y ago | After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions. This could allow an attacker located in the adjacent network of … | |
| CVE-2017-13870 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |
| CVE-2017-13866 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |
| CVE-2017-13856 | high | 8.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected… | |
| CVE-2017-15313 | high | 8.8 | 8.8 | 9y ago | Huawei SmartCare V200R003C10 has a CSV injection vulnerability. A remote authenticated attacker could inject malicious CSV expressions to the affected device. | |
| CVE-2017-15311 | high | 8.8 | 8.8 | 9y ago | The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawei smart phones with software before ALP-AL00 8.0.0.120(SP2C00), before BLA-AL00 8.0.0.120(SP2C00), before MHA-AL00B 8.0.0.334(C00… | |
| CVE-2017-15308 | high | 8.8 | 8.8 | 9y ago | Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load maliciou… | |
| CVE-2017-17410 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in t… | |
| CVE-2017-17409 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in t… | |
| CVE-2017-17408 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in t… | |
| CVE-2017-17831 | high | 8.8 | 8.8 | 9y ago | GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within … | |
| CVE-2017-17827 | high | 8.8 | 8.8 | 9y ago | Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration&section=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin use… | |
| CVE-2017-5261 | high | 8.8 | 8.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to … | |
| CVE-2017-5260 | high | 8.8 | 8.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, although the option to access the configuration file is not available in the normal web administrative console for the 'user' acco… | |
| CVE-2017-5259 | high | 8.8 | 8.8 | 9y ago | In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, an undocumented, root-privilege administration web shell is available using the HTTP path https://<device-ip-or-hostname>/adm/sysc… | |
| CVE-2017-5255 | high | 8.8 | 8.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-… | |
| CVE-2017-5254 | high | 8.8 | 8.8 | 9y ago | In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after di… | |
| CVE-2017-16731 | high | 8.8 | 8.8 | 9y ago | An Unprotected Transport of Credentials issue was discovered in ABB Ellipse 8.3 through Ellipse 8.9 released prior to December 2017 (including Ellipse Select). A vulnerability exists in the authentic… | |
| CVE-2017-1757 | high | 8.8 | 8.8 | 9y ago | IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in … | |
| CVE-2017-1746 | high | 8.8 | 8.8 | 9y ago | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … | |
| CVE-2017-1696 | high | 8.8 | 8.8 | 9y ago | IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to… | |
| CVE-2017-1631 | high | 8.8 | 8.8 | 9y ago | IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from … | |
| CVE-2017-17476 | high | 8.8 | 8.8 | 9y ago | Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequent… | |
| CVE-2017-4941 | high | 8.8 | 8.8 | 9y ago | VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC … | |
| CVE-2017-4933 | high | 8.8 | 8.8 | 9y ago | VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap ov… | |
| CVE-2017-16587 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16586 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16585 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16583 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16582 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16581 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16578 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16577 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16576 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16575 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16572 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-16571 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14837 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14836 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target m… | |
| CVE-2017-14835 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14834 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14833 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14832 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14831 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14830 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14829 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14828 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14827 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14826 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14825 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14824 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-14823 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-10959 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-10958 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-10957 | high | 8.8 | 8.8 | 9y ago | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the ta… | |
| CVE-2017-17782 | high | 8.8 | 8.8 | 9y ago | In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ReadOneJNGImage in coders/png.c, related to oFFs chunk allocation. | |
| CVE-2017-17774 | high | 8.8 | 8.8 | 9y ago | admin/configuration.php in Piwigo 2.9.2 has CSRF. | |
| CVE-2017-15049 | high | 8.8 | 8.8 | 9y ago | The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary… | |
| CVE-2017-15048 | high | 8.8 | 8.8 | 9y ago | Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handle… | |
| CVE-2017-17758 | high | 8.8 | 8.8 | 9y ago | TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to … | |
| CVE-2017-17757 | high | 8.8 | 8.8 | 9y ago | TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related t… | |
| CVE-2017-11562 | high | 8.8 | 8.8 | 9y ago | A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php. |