|
252361
|
9.8 |
CRITICAL
Network
|
nexusphp_project
|
nexusphp
|
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
|
CWE-89
SQL Injection
|
CVE-2017-14512
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252362
|
7.5 |
HIGH
Network
|
sap
|
e-recruiting
|
An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to …
|
CWE-20
Improper Input Validation
|
CVE-2017-14511
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252363
|
6.1 |
MEDIUM
Network
|
sugarcrm
|
sugarcrm
|
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unau…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14510
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252364
|
8.8 |
HIGH
Network
|
sugarcrm
|
sugarcrm
|
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). A remote file inclusion has been identified in the Connectors …
|
CWE-20
Improper Input Validation
|
CVE-2017-14509
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252365
|
8.8 |
HIGH
Network
|
sugarcrm
|
sugarcrm
|
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails…
|
CWE-89
SQL Injection
|
CVE-2017-14508
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252366
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application cras…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14505
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252367
|
6.5 |
MEDIUM
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure the correct number of colors for the XV 332 format, leading to a NULL Pointer Dereference.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14504
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252368
|
9.8 |
CRITICAL
Network
|
iball
|
ib-wra150n_firmware
|
An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs wi…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2017-14244
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252369
|
9.8 |
CRITICAL
Network
|
utstar
|
wa3002g4_firmware
|
An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials fr…
|
CWE-287
Improper Authentication
|
CVE-2017-14243
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252370
|
6.5 |
MEDIUM
Network
|
libarchive
|
libarchive
|
libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14503
|
2024-11-21 12:12 |
2017-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
