|
255131
|
6.1 |
MEDIUM
Network
|
finecms
|
finecms
|
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11629
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255132
|
6.5 |
MEDIUM
Network
|
libtiff
|
libtiff
|
In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not chec…
|
CWE-20
Improper Input Validation
|
CVE-2017-11613
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255133
|
7.8 |
HIGH
Local
|
php
|
php
|
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentiall…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11628
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255134
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11627
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255135
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11626
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255136
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in Q…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11625
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255137
|
5.5 |
MEDIUM
Local
|
qpdf_project
|
qpdf
|
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11624
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255138
|
6.1 |
MEDIUM
Network
|
atmail
|
atmail
|
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both sin…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11617
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255139
|
9.8 |
CRITICAL
Network
|
medhost
|
connex
|
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the da…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11614
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255140
|
7.8 |
HIGH
Local
|
appsec-labs
|
appuse
|
AppUse 4.0 allows shell command injection via a proxy field.
|
CWE-78
OS Command
|
CVE-2017-11566
|
2024-11-21 12:08 |
2017-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
