|
247531
|
5.5 |
MEDIUM
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-6499
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247532
|
5.5 |
MEDIUM
Local
|
imagemagick
debian
|
imagemagick
debian_linux
|
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
|
CWE-20
Improper Input Validation
|
CVE-2017-6498
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247533
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-6497
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247534
|
9.8 |
CRITICAL
Network
|
flexense
|
sysgauge
|
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6416
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247535
|
8.1 |
HIGH
Network
|
wepresent
|
wipg-1500_firmware
|
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device u…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-6351
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247536
|
6.1 |
MEDIUM
Network
|
dotclear
|
dotclear
|
XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6446
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247537
|
7.2 |
HIGH
Network
|
admidio
|
admidio
|
SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization.
|
CWE-89
SQL Injection
|
CVE-2017-6492
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247538
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6491
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247539
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name,…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6490
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247540
|
6.1 |
MEDIUM
Network
|
epesi
|
epesi
|
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6489
|
2024-11-21 12:29 |
2017-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
