|
255151
|
7.5 |
HIGH
Network
|
cisco
|
residential_gateway_firmware
|
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversa…
|
CWE-22
Path Traversal
|
CVE-2017-11587
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255152
|
6.1 |
MEDIUM
Network
|
finecms
|
finecms
|
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
|
CWE-601
Open Redirect
|
CVE-2017-11586
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255153
|
9.8 |
CRITICAL
Network
|
finecms
|
finecms
|
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.
|
CWE-94
Code Injection
|
CVE-2017-11585
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255154
|
9.8 |
CRITICAL
Network
|
finecms
|
finecms
|
dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.
|
CWE-89
SQL Injection
|
CVE-2017-11584
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255155
|
9.8 |
CRITICAL
Network
|
finecms
|
finecms
|
dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an action=related request to libraries/Template.php.
|
CWE-89
SQL Injection
|
CVE-2017-11583
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255156
|
9.8 |
CRITICAL
Network
|
finecms
|
finecms
|
dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an action=related or action=tags request to libraries/Template.php.
|
CWE-89
SQL Injection
|
CVE-2017-11582
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255157
|
6.1 |
MEDIUM
Network
|
finecms
|
finecms
|
dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11581
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255158
|
7.8 |
HIGH
Local
|
fontforge
|
fontforge
|
FontForge 20161012 is vulnerable to a buffer over-read in getsid (parsettf.c) resulting in DoS or code execution via a crafted otf file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11577
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255159
|
5.5 |
MEDIUM
Local
|
fontforge
|
fontforge
|
FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11576
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255160
|
7.8 |
HIGH
Local
|
fontforge
|
fontforge
|
FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (char.c) resulting in DoS or code execution via a crafted otf file, related to a call from the readttfcopyrights function in parset…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11575
|
2024-11-21 12:08 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
