|
249901
|
5.3 |
MEDIUM
Network
|
ordermanagementscript
|
professional_service_script
|
PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.
|
CWE-200
Information Exposure
|
CVE-2017-17926
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249902
|
4.8 |
MEDIUM
Network
|
ordermanagementscript
|
professional_service_script
|
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17925
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249903
|
5.3 |
MEDIUM
Network
|
ordermanagementscript
|
professional_service_script
|
PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.
|
CWE-22
Path Traversal
|
CVE-2017-17924
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249904
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17915
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249905
|
6.5 |
MEDIUM
Network
|
imagemagick
debian
canonical
|
imagemagick
debian_linux
ubuntu_linux
|
In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted …
|
CWE-834
Excessive Iteration
|
CVE-2017-17914
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249906
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17913
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249907
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17912
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249908
|
6.1 |
MEDIUM
Network
|
archon
|
archon
|
packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17911
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249909
|
4.8 |
MEDIUM
Network
|
responsive_realestate_script_project
|
responsive_realestate_script
|
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17909
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249910
|
8.8 |
HIGH
Network
|
responsive_realestate_script_project
|
responsive_realestate_script
|
PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
|
CWE-352
Origin Validation Error
|
CVE-2017-17908
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
