|
251711
|
8.1 |
HIGH
Network
|
updraftplus
|
updraftplus
|
The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before del…
|
CWE-94
Code Injection
|
CVE-2017-16871
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251712
|
8.1 |
HIGH
Network
|
updraftplus
|
updraftplus
|
The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-16870
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251713
|
7.8 |
HIGH
Local
|
upx_project
|
upx
|
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16869
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251714
|
5.5 |
MEDIUM
Local
|
swftools
|
swftools
|
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer ove…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16868
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251715
|
6.5 |
MEDIUM
Adjacent
|
amazon
|
amazon_key_firmware
|
Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentication frames during the delivery process, which makes it easier for (1) delivery drivers to freeze a camera and re-enter a house f…
|
NVD-CWE-noinfo
|
CVE-2017-16867
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251716
|
6.1 |
MEDIUM
Network
|
finecms
|
finecms
|
dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16866
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251717
|
5.4 |
MEDIUM
Network
|
vonage
|
vdv-23_firmware
|
Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16843
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251718
|
8.1 |
HIGH
Network
|
shibboleth
debian
|
opensaml
debian_linux
|
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16853
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251719
|
8.1 |
HIGH
Network
|
shibboleth
debian
|
service_provider
debian_linux
|
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and d…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16852
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251720
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter.
|
CWE-89
SQL Injection
|
CVE-2017-16851
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
