| 252251 | 8.8 | HIGH, Network | imagemagick | imagemagick | GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impa… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-14682 | 2024-11-21 12:13 | 2017-09-22 |
| 252252 | 5.5 | MEDIUM, Local | p3scan_project | p3scan | The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to t… | CWE-665 Improper Initialization | CVE-2017-14681 | 2024-11-21 12:13 | 2017-09-22 |
| 252253 | 7.5 | HIGH, Network | zkteco | zktime_web | ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document. | CWE-200 Information Exposure | CVE-2017-14680 | 2024-11-21 12:13 | 2017-09-22 |
| 252254 | 9.8 | CRITICAL, Network | tapatalk | tapatalk | SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tapatalk plugin before 4.5.8 for MyBB allows an unauthenticated remote attacker to inject arbitrary SQL commands via an XML-RPC enco… | CWE-89 SQL Injection | CVE-2017-14652 | 2024-11-21 12:13 | 2017-09-22 |
| 252255 | 4.8 | MEDIUM, Network | wso2 | storage_server message_broker machine_learner iot_server identity_server governance_registry enterprise_mobility_manager enterprise_integrator data_services_server dashboar… | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | CWE-79 Cross-site Scripting | CVE-2017-14651 | 2024-11-21 12:13 | 2017-09-22 |
| 252256 | 5.5 | MEDIUM, Local | graphicsmagick | graphicsmagick | ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service (assertion failure in magick/pixel_cache.c, and application crash). | CWE-617 Reachable Assertion | CVE-2017-14649 | 2024-11-21 12:13 | 2017-09-22 |
| 252257 | 9.8 | CRITICAL, Network | bladeenc | bladeenc | A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service o… | CWE-787 Out-of-bounds Write | CVE-2017-14648 | 2024-11-21 12:13 | 2017-09-22 |
| 252258 | 8.1 | HIGH, Network | horde | horde_image_api | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde appli… | CWE-20 Improper Input Validation | CVE-2017-14650 | 2024-11-21 12:13 | 2017-09-22 |
| 252259 | 8.8 | HIGH, Network | bento4 | bento4 | A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote… | CWE-787 Out-of-bounds Write | CVE-2017-14647 | 2024-11-21 12:13 | 2017-09-22 |
| 252260 | 7.5 | HIGH, Network | axiosys | bento4 | The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4_DataBuffer::SetData in… | CWE-125 Out-of-bounds Read | CVE-2017-14646 | 2024-11-21 12:13 | 2017-09-22 |