|
254961
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12957
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254962
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() in basicio.cpp of libexiv2 in Exiv2 0.26 that will lead to remote denial of service.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12956
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254963
|
8.8 |
HIGH
Network
|
exiv2
|
exiv2
|
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or…
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2017-12955
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254964
|
8.8 |
HIGH
Network
|
podlove
|
podlove_podcast_publisher
|
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitab…
|
CWE-89
SQL Injection
|
CVE-2017-12949
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254965
|
6.1 |
MEDIUM
Network
|
pressforward
|
pressforward
|
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12948
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254966
|
7.2 |
HIGH
Network
|
easymodal_project
|
easy_modal
|
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable …
|
CWE-89
SQL Injection
|
CVE-2017-12947
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254967
|
7.2 |
HIGH
Network
|
easymodal_project
|
easy_modal
|
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by…
|
CWE-89
SQL Injection
|
CVE-2017-12946
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254968
|
5.4 |
MEDIUM
Network
|
spring_batch_admin_project
|
spring_batch_admin
|
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12882
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254969
|
8.8 |
HIGH
Network
|
spring_batch_admin_project
|
spring_batch_admin
|
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such …
|
CWE-352
Origin Validation Error
|
CVE-2017-12881
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254970
|
9.8 |
CRITICAL
Network
|
nexusphp_project
|
nexusphp
|
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
|
CWE-89
SQL Injection
|
CVE-2017-12776
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
