|
252351
|
8.0 |
HIGH
Network
|
crony_cronjob_manager_project
|
crony_cronjob_manager
|
WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordPress has CSRF via the name parameter in an action=manage&do=create operation, as demonstrated by inserting XSS sequences.
|
CWE-352
Origin Validation Error
|
CVE-2017-14530
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252352
|
5.5 |
MEDIUM
Local
|
gnu
|
binutils
|
The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attack…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14529
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252353
|
6.5 |
MEDIUM
Network
|
imagemagick
debian
|
imagemagick
debian_linux
|
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows re…
|
CWE-416
Use After Free
|
CVE-2017-14528
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252354
|
7.8 |
HIGH
Local
|
freedesktop
|
poppler
|
In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files.
|
CWE-20
Improper Input Validation
|
CVE-2017-14520
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252355
|
7.5 |
HIGH
Network
|
freedesktop
|
poppler
|
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-14519
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252356
|
7.8 |
HIGH
Local
|
freedesktop
|
poppler
|
In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document.
|
CWE-20
Improper Input Validation
|
CVE-2017-14518
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252357
|
5.5 |
MEDIUM
Local
|
freedesktop
|
poppler
|
In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14517
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252358
|
7.5 |
HIGH
Network
|
tenda
|
w15e_firmware
|
Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14515
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252359
|
7.5 |
HIGH
Network
|
tenda
|
w15e_firmware
|
Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2017-14514
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252360
|
5.3 |
MEDIUM
Network
|
metinfo
|
metinfo
|
Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/p…
|
CWE-22
Path Traversal
|
CVE-2017-14513
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
