|
258771
|
7.8 |
HIGH
Local
|
backintime_project
|
backintime
|
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell com…
|
CWE-78
OS Command
|
CVE-2017-16667
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258772
|
6.1 |
MEDIUM
Network
|
remobjects
|
remoting_sdk_9
|
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16665
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258773
|
5.5 |
MEDIUM
Local
|
sam2p_project
|
sam2p
|
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-16663
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258774
|
4.9 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by file…
|
CWE-200
Information Exposure
|
CVE-2017-16661
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258775
|
7.2 |
HIGH
Network
|
cacti
|
cacti
|
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-16660
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258776
|
7.8 |
HIGH
Local
|
anti-spam_smtp_proxy_project
|
anti-spam_smtp_proxy
|
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl scrip…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16659
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258777
|
9.8 |
CRITICAL
Network
|
owlmixin_project
|
owlmixin
|
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python c…
|
NVD-CWE-noinfo
|
CVE-2017-16618
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258778
|
9.8 |
CRITICAL
Network
|
pyanyapi_project
|
pyanyapi
|
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting…
|
NVD-CWE-noinfo
|
CVE-2017-16616
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258779
|
9.8 |
CRITICAL
Network
|
mlalchemy_project
|
mlalchemy
|
An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser…
|
NVD-CWE-noinfo
|
CVE-2017-16615
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258780
|
6.6 |
MEDIUM
Physics
|
linux
|
linux_kernel
|
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have u…
|
CWE-369
Divide By Zero
|
CVE-2017-16650
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
