|
259061
|
9.8 |
CRITICAL
Network
|
metinfo_project
|
metinfo
|
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .pht…
|
CWE-94
Code Injection
|
CVE-2017-11715
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259062
|
7.8 |
HIGH
Local
|
artifex
debian
|
ghostscript
debian_linux
|
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecif…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11714
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259063
|
7.5 |
HIGH
Network
|
boozt
|
boozt
|
The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the …
|
CWE-200
Information Exposure
|
CVE-2017-11706
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259064
|
6.5 |
MEDIUM
Network
|
libming
|
ming
|
A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-11705
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259065
|
6.5 |
MEDIUM
Network
|
libming
|
ming
|
A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11704
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259066
|
6.5 |
MEDIUM
Network
|
libming
|
ming
|
A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-11703
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259067
|
5.4 |
MEDIUM
Network
|
netcomm
|
4gt101w_software
4gt101w_bootloader
|
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in su…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11647
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259068
|
8.8 |
HIGH
Network
|
netcomm
|
4gt101w_software
4gt101w_bootloader
|
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. The…
|
CWE-352
Origin Validation Error
|
CVE-2017-11646
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259069
|
9.8 |
CRITICAL
Network
|
netcomm
|
4gt101w_software
4gt101w_bootloader
|
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html.
|
CWE-287
Improper Authentication
|
CVE-2017-11645
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259070
|
7.5 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted strea…
|
CWE-20
Improper Input Validation
|
CVE-2017-11665
|
2024-11-21 12:08 |
2017-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
