|
253331
|
5.5 |
MEDIUM
Local
|
gnu
|
libextractor
|
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
|
CWE-369
Divide By Zero
|
CVE-2017-15266
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253332
|
9.8 |
CRITICAL
Network
|
flexense
|
vx_search
|
Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary cod…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15220
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253333
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage.
|
CWE-416
Use After Free
|
CVE-2017-15238
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253334
|
7.5 |
HIGH
Network
|
tiandy
|
tiandy_ip_camera_firmware
|
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config…
|
CWE-200
Information Exposure
|
CVE-2017-15236
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253335
|
7.5 |
HIGH
Network
|
horde
|
groupware
|
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact fi…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2017-15235
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253336
|
6.5 |
MEDIUM
Network
|
libjpeg-turbo
|
libjpeg-turbo
|
libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15232
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253337
|
6.1 |
MEDIUM
Network
|
shaarli_project
|
shaarli
|
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (fo…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15215
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253338
|
5.4 |
MEDIUM
Network
|
flyspray
|
flyspray
|
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (incl…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15214
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253339
|
5.4 |
MEDIUM
Network
|
flyspray
|
flyspray
|
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/temp…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15213
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253340
|
4.3 |
MEDIUM
Network
|
kanboard
|
kanboard
|
In Kanboard before 1.0.47, by altering form data, an authenticated user can at least see the names of tags of a private project of another user.
|
CWE-200
Information Exposure
|
CVE-2017-15212
|
2024-11-21 12:14 |
2017-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
