|
257781
|
9.8 |
CRITICAL
Network
|
dbltek
|
web_server
|
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this pas…
|
CWE-78
OS Command
|
CVE-2017-16934
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257782
|
7.0 |
HIGH
Local
|
icinga
|
icinga
|
etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16933
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257783
|
7.5 |
HIGH
Network
|
xmlsoft
|
libxml2
|
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-16932
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257784
|
9.8 |
CRITICAL
Network
|
xmlsoft
|
libxml2
|
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16931
|
2024-11-21 12:17 |
2017-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257785
|
8.4 |
HIGH
Local
|
neutrinolabs
debian
|
xrdp
debian_linux
|
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of servic…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16927
|
2024-11-21 12:17 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257786
|
7.8 |
HIGH
Local
|
gnu
|
ncurses
|
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-16879
|
2024-11-21 12:17 |
2017-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257787
|
9.8 |
CRITICAL
Network
|
ohcount_project
|
ohcount
|
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) t…
|
CWE-78
OS Command
|
CVE-2017-16926
|
2024-11-21 12:17 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257788
|
8.8 |
HIGH
Adjacent
|
tenda
|
ac9_firmware
ac15_firmware
ac18_firmware
|
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_A…
|
CWE-78
OS Command
|
CVE-2017-16923
|
2024-11-21 12:17 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257789
|
9.8 |
CRITICAL
Network
|
finecms
|
finecms
|
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via …
|
NVD-CWE-noinfo
|
CVE-2017-16920
|
2024-11-21 12:17 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257790
|
5.4 |
MEDIUM
Network
|
mapos_project
|
mapos
|
MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16919
|
2024-11-21 12:17 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
