|
251001
|
8.8 |
HIGH
Network
|
digium
|
asterisk
certified_asterisk
|
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16671
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251002
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted f…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16669
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251003
|
7.8 |
HIGH
Local
|
backintime_project
|
backintime
|
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell com…
|
CWE-78
OS Command
|
CVE-2017-16667
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251004
|
6.1 |
MEDIUM
Network
|
remobjects
|
remoting_sdk_9
|
RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflected Cross Site Scripting (XSS) attack via the service parameter to the /soap URI, triggering an invalid attempt to generate WSDL.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16665
|
2024-11-21 12:16 |
2017-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251005
|
5.5 |
MEDIUM
Local
|
sam2p_project
|
sam2p
|
In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-16663
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251006
|
4.9 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by file…
|
CWE-200
Information Exposure
|
CVE-2017-16661
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251007
|
7.2 |
HIGH
Network
|
cacti
|
cacti
|
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP …
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-16660
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251008
|
7.8 |
HIGH
Local
|
anti-spam_smtp_proxy_project
|
anti-spam_smtp_proxy
|
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl scrip…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16659
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251009
|
9.8 |
CRITICAL
Network
|
owlmixin_project
|
owlmixin
|
An exploitable vulnerability exists in the YAML loading functionality of util.py in OwlMixin before 2.0.0a12. A "Load YAML" string or file (aka load_yaml or load_yamlf) can execute arbitrary Python c…
|
NVD-CWE-noinfo
|
CVE-2017-16618
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251010
|
9.8 |
CRITICAL
Network
|
pyanyapi_project
|
pyanyapi
|
An exploitable vulnerability exists in the YAML parsing functionality in the YAMLParser method in Interfaces.py in PyAnyAPI before 0.6.1. A YAML parser can execute arbitrary Python commands resulting…
|
NVD-CWE-noinfo
|
CVE-2017-16616
|
2024-11-21 12:16 |
2017-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
