|
255291
|
9.8 |
CRITICAL
Network
|
idera
|
uptime_infrastructure_monitor
|
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
|
CWE-89
SQL Injection
|
CVE-2017-11471
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255292
|
9.8 |
CRITICAL
Network
|
idera
|
uptime_infrastructure_monitor
|
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter.
|
CWE-89
SQL Injection
|
CVE-2017-11470
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255293
|
7.5 |
HIGH
Network
|
idera
|
uptime_infrastructure_monitor
|
get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.
|
CWE-22
Path Traversal
|
CVE-2017-11469
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255294
|
9.8 |
CRITICAL
Network
|
orientdb
|
orientdb
|
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
|
CWE-269
Improper Privilege Management
|
CVE-2017-11467
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255295
|
7.2 |
HIGH
Network
|
dotcms
|
dotcms
|
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-11466
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255296
|
9.8 |
CRITICAL
Network
|
ruby-lang
|
ruby
|
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-11465
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255297
|
7.8 |
HIGH
Local
|
gnome
|
librsvg
|
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.
|
CWE-369
Divide By Zero
|
CVE-2017-11464
|
2024-11-21 12:07 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255298
|
7.5 |
HIGH
Network
|
geneko
|
gwr352_3g_router_firmware
gwr352wv_wide_voltage_3g_router_firmware
gwr252_edge_router_firmware
gwr202_gprs_router_firmware
|
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
|
CWE-22
Path Traversal
|
CVE-2017-11456
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255299
|
8.8 |
HIGH
Network
|
imagemagick
debian
|
imagemagick
debian_linux
|
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
|
NVD-CWE-noinfo
|
CVE-2017-11450
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255300
|
8.8 |
HIGH
Network
|
imagemagick
|
imagemagick
|
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or poss…
|
NVD-CWE-noinfo
|
CVE-2017-11449
|
2024-11-21 12:07 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
