|
255541
|
5.9 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-12867
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255542
|
6.1 |
MEDIUM
Network
|
c.p.sub_project
|
c.p.sub
|
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12856
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255543
|
5.5 |
MEDIUM
Local
|
mpg123
|
mpg123
|
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which trig…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12797
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255544
|
7.5 |
HIGH
Network
|
question2answer
|
question2answer
|
qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts.
|
CWE-20
Improper Input Validation
|
CVE-2017-12775
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255545
|
8.8 |
HIGH
Network
|
nomachine
|
nomachine
|
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-12763
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255546
|
6.5 |
MEDIUM
Network
|
libgig0
|
libgig
|
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12954
|
2024-11-21 12:10 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255547
|
6.5 |
MEDIUM
Network
|
libgig0
|
libgig
|
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-12953
|
2024-11-21 12:10 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255548
|
6.5 |
MEDIUM
Network
|
libgig0
|
libgig
|
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-12952
|
2024-11-21 12:10 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255549
|
6.5 |
MEDIUM
Network
|
libgig0
|
libgig
|
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a craft…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12951
|
2024-11-21 12:10 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255550
|
6.5 |
MEDIUM
Network
|
linuxsampler
|
libgig
|
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-12950
|
2024-11-21 12:10 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
