|
254571
|
7.5 |
HIGH
Network
|
zeit
|
next.js
|
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
|
CWE-22
Path Traversal
|
CVE-2017-16877
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254572
|
5.4 |
MEDIUM
Network
|
icontime
|
rtc-1000_firmware
|
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16819
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254573
|
7.5 |
HIGH
Network
|
teluu
|
pjsip
|
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection wi…
|
NVD-CWE-noinfo
|
CVE-2017-16875
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254574
|
9.8 |
CRITICAL
Network
|
teluu
debian
|
pjsip
debian_linux
|
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overf…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16872
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254575
|
8.1 |
HIGH
Network
|
updraftplus
|
updraftplus
|
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before del…
|
CWE-94
Code Injection
|
CVE-2017-16871
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254576
|
8.1 |
HIGH
Network
|
updraftplus
|
updraftplus
|
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16870
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254577
|
7.8 |
HIGH
Local
|
upx_project
|
upx
|
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16869
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254578
|
5.5 |
MEDIUM
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer ove…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16868
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254579
|
6.5 |
MEDIUM
Adjacent
|
amazon
|
amazon_key_firmware
|
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house f…
|
NVD-CWE-noinfo
|
CVE-2017-16867
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254580
|
6.1 |
MEDIUM
Network
|
finecms
|
finecms
|
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16866
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
