|
258991
|
5.5 |
MEDIUM
Local
|
ytnef_project
|
ytnef
|
In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12141
|
2024-11-21 12:08 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258992
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.
|
CWE-400
CWE-681
Uncontrolled Resource Consumption
Incorrect Conversion between Numeric Types
|
CVE-2017-12140
|
2024-11-21 12:08 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258993
|
6.1 |
MEDIUM
Network
|
xoops
|
xoops
|
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12139
|
2024-11-21 12:08 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258994
|
6.1 |
MEDIUM
Network
|
xoops
|
xoops
|
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter.
|
CWE-601
Open Redirect
|
CVE-2017-12138
|
2024-11-21 12:08 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258995
|
5.9 |
MEDIUM
Network
|
gnu
|
glibc
|
The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-12132
|
2024-11-21 12:08 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258996
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execu…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12062
|
2024-11-21 12:08 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258997
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized befor…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12061
|
2024-11-21 12:08 |
2017-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258998
|
6.5 |
MEDIUM
Network
|
underbit
|
mad_libmad
|
mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11552
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258999
|
6.1 |
MEDIUM
Network
|
goldplugins
|
easy_testimonials
|
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excer…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12131
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259000
|
6.1 |
MEDIUM
Network
|
event_list_project
|
event_list
|
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12068
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
