|
253451
|
7.8 |
HIGH
Local
|
upx_project
|
upx
|
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16869
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253452
|
5.5 |
MEDIUM
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer ove…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16868
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253453
|
6.5 |
MEDIUM
Adjacent
|
amazon
|
amazon_key_firmware
|
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house f…
|
NVD-CWE-noinfo
|
CVE-2017-16867
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253454
|
6.1 |
MEDIUM
Network
|
finecms
|
finecms
|
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16866
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253455
|
5.4 |
MEDIUM
Network
|
vonage
|
vdv-23_firmware
|
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16843
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253456
|
8.1 |
HIGH
Network
|
shibboleth
debian
|
opensaml
debian_linux
|
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16853
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253457
|
8.1 |
HIGH
Network
|
shibboleth
debian
|
service_provider
debian_linux
|
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and d…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16852
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253458
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
|
CWE-89
SQL Injection
|
CVE-2017-16851
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253459
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
|
CWE-89
SQL Injection
|
CVE-2017-16850
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253460
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
|
CWE-89
SQL Injection
|
CVE-2017-16849
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
