|
247721
|
7.4 |
HIGH
Network
|
php
|
php
|
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is r…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-7272
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247722
|
6.1 |
MEDIUM
Network
|
yii_software
|
yii
|
Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request da…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7271
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247723
|
9.8 |
CRITICAL
Network
|
irssi
|
irssi
|
The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.
|
CWE-416
Use After Free
|
CVE-2017-7191
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247724
|
7.5 |
HIGH
Network
|
extraputty
|
extraputty
|
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
|
CWE-20
Improper Input Validation
|
CVE-2017-7183
|
2024-11-21 12:31 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247725
|
6.1 |
MEDIUM
Network
|
netflix
|
security_monkey
|
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
|
CWE-601
Open Redirect
|
CVE-2017-7266
|
2024-11-21 12:31 |
2017-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247726
|
7.8 |
HIGH
Local
|
artifex
|
mupdf
|
Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unsp…
|
CWE-416
Use After Free
|
CVE-2017-7264
|
2024-11-21 12:31 |
2017-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247727
|
7.8 |
HIGH
Local
|
potrace_project
|
potrace
|
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7263
|
2024-11-21 12:31 |
2017-03-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247728
|
5.5 |
MEDIUM
Local
|
amd
|
ryzen
|
The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows local users to cause a denial of service (system hang) via an application that makes a long series of FMA3 instructions, as demo…
|
CWE-20
Improper Input Validation
|
CVE-2017-7262
|
2024-11-21 12:31 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247729
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to…
|
CWE-20
Improper Input Validation
|
CVE-2017-7261
|
2024-11-21 12:31 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247730
|
5.4 |
MEDIUM
Network
|
cmsmadesimple
|
cms_made_simple
|
XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7257
|
2024-11-21 12:31 |
2017-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
