Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27689 of 28129

CVE-2017-9066

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class.

CVE-2017-9061

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

CVE-2017-9062

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

CVE-2017-9064

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.

CVE-2017-7433

Posted by Cyberthreat Blog | May 18, 2017 | CVE Notifications |

An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile...

Author: Cyberthreat Blog

CVE-2017-9066

CVE-2017-9061

CVE-2017-9062

CVE-2017-9064

CVE-2017-7433