|
255081
|
9.1 |
CRITICAL
Network
|
medhost
|
medhost_document_management_system
|
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11693
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255082
|
7.8 |
HIGH
Local
|
ffmpeg
|
ffmpeg
|
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other imp…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11719
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255083
|
6.1 |
MEDIUM
Network
|
metinfo_project
|
metinfo
|
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
|
CWE-601
Open Redirect
|
CVE-2017-11718
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255084
|
7.5 |
HIGH
Network
|
metinfo_project
|
metinfo
|
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stre…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2017-11717
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255085
|
6.1 |
MEDIUM
Network
|
metinfo_project
|
metinfo
|
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11716
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255086
|
9.8 |
CRITICAL
Network
|
metinfo_project
|
metinfo
|
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .pht…
|
CWE-94
Code Injection
|
CVE-2017-11715
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255087
|
7.8 |
HIGH
Local
|
artifex
debian
|
ghostscript
debian_linux
|
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecif…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11714
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255088
|
7.5 |
HIGH
Network
|
boozt
|
boozt
|
The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the …
|
CWE-200
Information Exposure
|
CVE-2017-11706
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255089
|
6.5 |
MEDIUM
Network
|
libming
|
ming
|
A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-11705
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255090
|
6.5 |
MEDIUM
Network
|
libming
|
ming
|
A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11704
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
