|
255101
|
6.5 |
MEDIUM
Network
|
exiv2 canonical debian
|
exiv2 ubuntu_linux debian_linux
|
There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
|
CWE-617
Reachable Assertion
|
CVE-2017-11683
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255102
|
6.1 |
MEDIUM
Network
|
hashtopolis
|
hashtopolis
|
Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11682
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255103
|
8.8 |
HIGH
Network
|
project_hashtopussy
|
hashtopussy
|
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=c…
|
CWE-269
Improper Privilege Management
|
CVE-2017-11681
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255104
|
8.8 |
HIGH
Network
|
project_hashtopussy
|
hashtopussy
|
Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing an admin password change via users.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-11680
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255105
|
8.8 |
HIGH
Network
|
hashtopus_project
|
hashtopus
|
Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.
|
CWE-352
Origin Validation Error
|
CVE-2017-11679
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255106
|
8.8 |
HIGH
Network
|
hashtopus_project
|
hashtopus
|
SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php.
|
CWE-89
SQL Injection
|
CVE-2017-11678
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255107
|
6.1 |
MEDIUM
Network
|
hashtopus_project
|
hashtopus
|
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11677
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255108
|
8.8 |
HIGH
Network
|
zen-cart
|
zen_cart
|
The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP …
|
CWE-94
Code Injection
|
CVE-2017-11675
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255109
|
5.5 |
MEDIUM
Local
|
acunetix
|
web_vulnerability_scanner
|
Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess."
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11674
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|
|
255110
|
9.8 |
CRITICAL
Network
|
acunetix
|
web_vulnerability_scanner
|
Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at re…
|
CWE-20
Improper Input Validation
|
CVE-2017-11673
|
2024-11-21 12:08 |
2017-07-27 |
|
|
|