|
254001
|
8.8 |
HIGH
Network
|
basic_job_site_script_project
|
basic_job_site_script
|
Readymade Job Site Script has CSRF via the /job URI.
|
CWE-352
Origin Validation Error
|
CVE-2017-17894
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254002
|
6.1 |
MEDIUM
Network
|
readymade_video_sharing_script_project
|
readymade_video_sharing_script
|
Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17893
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254003
|
9.8 |
CRITICAL
Network
|
readymade_video_sharing_script_project
|
readymade_video_sharing_script
|
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17892
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254004
|
8.8 |
HIGH
Network
|
readymade_video_sharing_script_project
|
readymade_video_sharing_script
|
Readymade Video Sharing Script has CSRF via user-profile-edit.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-17891
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254005
|
8.8 |
HIGH
Network
|
hoytech
|
antiweb
|
cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter…
|
CWE-78
OS Command
|
CVE-2017-17888
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254006
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image fi…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17887
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254007
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17886
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254008
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17885
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254009
|
6.5 |
MEDIUM
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17884
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254010
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-17883
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
