|
255541
|
5.5 |
MEDIUM
Local
|
imagemagick
|
imagemagick
|
The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted MNG image.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-10995
|
2024-11-21 12:06 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255542
|
7.3 |
HIGH
Local
|
foxitsoftware
|
foxit_reader
phantompdf
|
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.
|
CWE-123
Write-what-where Condition
|
CVE-2017-10994
|
2024-11-21 12:06 |
2017-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255543
|
6.1 |
MEDIUM
Network
|
wp-statistics
|
wp_statistics
|
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10991
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255544
|
9.8 |
CRITICAL
Network
|
irssi
|
irssi
|
An issue was discovered in Irssi before 1.0.4. While updating the internal nick list, Irssi could incorrectly use the GHashTable interface and free the nick while updating it. This would then result …
|
CWE-416
Use After Free
|
CVE-2017-10966
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255545
|
9.8 |
CRITICAL
Network
|
irssi
|
irssi
|
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-10965
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255546
|
9.8 |
CRITICAL
Network
|
sqlite
|
sqlite
|
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer ove…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-10989
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255547
|
7.5 |
HIGH
Network
|
yaws
|
yaws
|
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protec…
|
CWE-22
Path Traversal
|
CVE-2017-10974
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255548
|
9.8 |
CRITICAL
Network
|
finecms_project
|
finecms
|
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
|
CWE-94
Code Injection
|
CVE-2017-10968
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255549
|
6.5 |
MEDIUM
Network
|
finecms_project
|
finecms
|
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-10973
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255550
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10967
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
