|
251101
|
8.8 |
HIGH
Network
|
piwigo
|
piwigo
|
Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via /admin.php?page=configuration§ion=main or /admin.php?page=batch_manager&mode=unit. An attacker can exploit this to coerce an admin use…
|
CWE-352
Origin Validation Error
|
CVE-2017-17827
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251102
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via the gallery_title parameter in an admin.php?page=configuration§ion=main request. An attacker can e…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17826
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251103
|
4.8 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit …
|
CWE-79
Cross-site Scripting
|
CVE-2017-17825
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251104
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the …
|
CWE-89
SQL Injection
|
CVE-2017-17824
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251105
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a conne…
|
CWE-89
SQL Injection
|
CVE-2017-17823
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251106
|
4.9 |
MEDIUM
Network
|
piwigo
|
piwigo
|
The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MyS…
|
CWE-89
SQL Injection
|
CVE-2017-17822
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251107
|
9.8 |
CRITICAL
Network
|
apple
|
safari
|
WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other im…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17821
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251108
|
5.5 |
MEDIUM
Local
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
|
CWE-416
Use After Free
|
CVE-2017-17820
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251109
|
5.5 |
MEDIUM
Local
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17819
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251110
|
7.5 |
HIGH
Network
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17818
|
2024-11-21 12:18 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
