| 251031 | 5.3 | MEDIUM Network | ordermanagementscript | professional_service_script | PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php. | CWE-22 Path Traversal | CVE-2017-17924 | 2024-11-21 12:18 | 2017-12-28 |
| 251032 | 8.8 | HIGH Network | graphicsmagick debian | graphicsmagick debian_linux | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | CWE-125 Out-of-bounds Read | CVE-2017-17915 | 2024-11-21 12:18 | 2017-12-28 |
| 251033 | 6.5 | MEDIUM Network | imagemagick debian canonical | imagemagick debian_linux ubuntu_linux | In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted … | CWE-834 Excessive Iteration | CVE-2017-17914 | 2024-11-21 12:18 | 2017-12-28 |
| 251034 | 8.8 | HIGH Network | graphicsmagick debian | graphicsmagick debian_linux | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use … | CWE-125 Out-of-bounds Read | CVE-2017-17913 | 2024-11-21 12:18 | 2017-12-28 |
| 251035 | 8.8 | HIGH Network | graphicsmagick debian | graphicsmagick debian_linux | In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | CWE-125 Out-of-bounds Read | CVE-2017-17912 | 2024-11-21 12:18 | 2017-12-28 |
| 251036 | 6.1 | MEDIUM Network | archon | archon | packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503. | CWE-79 Cross-site Scripting | CVE-2017-17911 | 2024-11-21 12:18 | 2017-12-28 |
| 251037 | 4.8 | MEDIUM Network | responsive_realestate_script_project | responsive_realestate_script | PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter. | CWE-79 Cross-site Scripting | CVE-2017-17909 | 2024-11-21 12:18 | 2017-12-28 |
| 251038 | 8.8 | HIGH Network | responsive_realestate_script_project | responsive_realestate_script | PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | CWE-352 Origin Validation Error | CVE-2017-17908 | 2024-11-21 12:18 | 2017-12-28 |
| 251039 | 6.1 | MEDIUM Network | car_rental_script_project | car_rental_script | PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. | CWE-79 Cross-site Scripting | CVE-2017-17907 | 2024-11-21 12:18 | 2017-12-28 |
| 251040 | 9.8 | CRITICAL Network | car_rental_script_project | car_rental_script | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | CWE-89 SQL Injection | CVE-2017-17906 | 2024-11-21 12:18 | 2017-12-28 |