|
264401
|
7.8 |
HIGH
Local
|
hola
|
vpn
|
Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges via a Trojan horse 7za.exe or hola.exe file.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16757
|
2024-11-21 12:16 |
2017-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264402
|
5.5 |
MEDIUM
Local
|
swftools
|
swftools
|
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer der…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16711
|
2024-11-21 12:16 |
2017-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264403
|
8.0 |
HIGH
Adjacent
|
datto
|
windows_agent
|
Datto Windows Agent allows unauthenticated remote command execution via a modified command in conjunction with CVE-2017-16673 exploitation, aka an attack with a malformed primary whitelisted command …
|
NVD-CWE-noinfo
|
CVE-2017-16674
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264404
|
5.3 |
MEDIUM
Adjacent
|
datto
|
backup_agent
|
Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming connections. This allows an attacker to impersonate a Datto Backup Appliance to "pair" with the agent and issue requests to this …
|
CWE-200
Information Exposure
|
CVE-2017-16673
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264405
|
5.9 |
MEDIUM
Network
|
digium
|
asterisk
certified_asterisk
|
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip …
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-16672
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264406
|
8.8 |
HIGH
Network
|
digium
|
asterisk
certified_asterisk
|
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16671
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264407
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted f…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16669
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264408
|
7.8 |
HIGH
Local
|
backintime_project
|
backintime
|
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell com…
|
CWE-78
OS Command
|
CVE-2017-16667
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264409
|
6.1 |
MEDIUM
Network
|
remobjects
|
remoting_sdk_9
|
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16665
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264410
|
5.5 |
MEDIUM
Local
|
sam2p_project
|
sam2p
|
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-16663
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
