|
252501
|
9.8 |
CRITICAL
Network
|
wpdevart
|
responsive_image_gallery_gallery_album
|
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an add_edit_theme tas…
|
CWE-89
SQL Injection
|
CVE-2017-14125
|
2024-11-21 12:12 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252502
|
5.4 |
MEDIUM
Network
|
geminabox_project
|
geminabox
|
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14506
|
2024-11-21 12:12 |
2017-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252503
|
8.8 |
HIGH
Network
|
trendmicro
|
mobile_security
|
Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
|
CWE-77
Command Injection
|
CVE-2017-14081
|
2024-11-21 12:12 |
2017-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252504
|
9.8 |
CRITICAL
Network
|
trendmicro
|
mobile_security
|
Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password.
|
CWE-287
Improper Authentication
|
CVE-2017-14080
|
2024-11-21 12:12 |
2017-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252505
|
8.8 |
HIGH
Network
|
trendmicro
|
mobile_security
|
Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14079
|
2024-11-21 12:12 |
2017-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252506
|
9.8 |
CRITICAL
Network
|
trendmicro
|
mobile_security
|
SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.
|
CWE-89
SQL Injection
|
CVE-2017-14078
|
2024-11-21 12:12 |
2017-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252507
|
5.4 |
MEDIUM
Network
|
mirasvit
|
helpdesk_mx
|
Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) cust…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14321
|
2024-11-21 12:12 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252508
|
8.0 |
HIGH
Network
|
mirasvit
|
helpdesk_mx
|
Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to execute arbitrary code by leveraging failure to filter uploaded files.
|
CWE-20
Improper Input Validation
|
CVE-2017-14320
|
2024-11-21 12:12 |
2017-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252509
|
8.8 |
HIGH
Network
|
xiph.org
debian
|
libvorbis
debian_linux
|
The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified ot…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14160
|
2024-11-21 12:12 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252510
|
8.1 |
HIGH
Network
|
libsndfile_project
debian
|
libsndfile
debian_linux
|
An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14246
|
2024-11-21 12:12 |
2017-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
