|
251421
|
7.5 |
HIGH
Network
|
ox_project
|
ox
|
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but…
|
CWE-20
Improper Input Validation
|
CVE-2017-15928
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251422
|
7.8 |
HIGH
Local
|
shadowsocks
debian
|
shadowsocks-libev
debian_linux
|
In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related t…
|
CWE-78
OS Command
|
CVE-2017-15924
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251423
|
5.5 |
MEDIUM
Local
|
gnu
|
libextractor
|
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-15922
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251424
|
9.8 |
CRITICAL
Network
|
accesspressthemes
|
ultimate-form-builder-lite
|
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
|
CWE-89
SQL Injection
|
CVE-2017-15919
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251425
|
6.5 |
MEDIUM
Network
|
paessler
|
prtg_network_monitor
|
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.
|
CWE-269
Improper Privilege Management
|
CVE-2017-15917
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251426
|
4.8 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15911
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251427
|
7.5 |
HIGH
Network
|
systemd_project
canonical
|
systemd
ubuntu_linux
|
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-re…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-15908
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251428
|
9.8 |
CRITICAL
Network
|
phpcollab
|
phpcollab
|
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
|
CWE-89
SQL Injection
|
CVE-2017-15907
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251429
|
7.5 |
HIGH
Network
|
londontrustmedia
|
private_internet_access
|
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-15882
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251430
|
9.8 |
CRITICAL
Network
|
dlink
|
dgs-1500_firmware
|
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-15909
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
