|
247391
|
9.8 |
CRITICAL
Network
|
easysitecms
|
easysite
|
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs ele…
|
CWE-89
SQL Injection
|
CVE-2017-9848
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247392
|
5.5 |
MEDIUM
Local
|
libtorrent
|
libtorrent
|
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9847
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247393
|
8.8 |
HIGH
Network
|
magicwinmail
|
winmail_server
|
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folde…
|
CWE-22
Path Traversal
|
CVE-2017-9846
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247394
|
4.8 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9836
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247395
|
7.5 |
HIGH
Network
|
boa
|
boa
|
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a …
|
CWE-22
Path Traversal
|
CVE-2017-9833
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247396
|
6.8 |
MEDIUM
Physics
|
libmtp_project
|
libmtp
|
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe rem…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-9832
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247397
|
6.8 |
MEDIUM
Physics
|
libmtp_project
|
libmtp
|
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-9831
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247398
|
7.5 |
HIGH
Network
|
vivotek
|
network_camera_ib8369_firmware
network_camera_fd8164_firmware
network_camera_fd816ba_firmware
|
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a craf…
|
CWE-22
Path Traversal
|
CVE-2017-9829
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247399
|
9.8 |
CRITICAL
Network
|
ocaml
|
ocaml
|
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_N…
|
NVD-CWE-noinfo
|
CVE-2017-9772
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247400
|
9.8 |
CRITICAL
Network
|
vivotek
|
network_camera_ib8369_firmware
network_camera_fd8164_firmware
network_camera_fd816ba_firmware
|
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root …
|
CWE-78
OS Command
|
CVE-2017-9828
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
