|
252001
|
8.4 |
HIGH
Local
|
neutrinolabs debian
|
xrdp debian_linux
|
The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp through 0.9.4 uses an untrusted integer as a write length, which allows local users to cause a denial of servic…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16927
|
2024-11-21 12:17 |
2017-11-23 |
|
252002
|
7.8 |
HIGH
Local
|
gnu
|
ncurses
|
Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-16879
|
2024-11-21 12:17 |
2017-11-23 |
|
252003
|
9.8 |
CRITICAL
Network
|
ohcount_project
|
ohcount
|
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) t…
|
CWE-78
OS Command
|
CVE-2017-16926
|
2024-11-21 12:17 |
2017-11-22 |
|
252004
|
8.8 |
HIGH
Adjacent
|
tenda
|
ac9_firmware ac15_firmware ac18_firmware
|
Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_A…
|
CWE-78
OS Command
|
CVE-2017-16923
|
2024-11-21 12:17 |
2017-11-21 |
|
252005
|
9.8 |
CRITICAL
Network
|
finecms
|
finecms
|
v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY value and does not require key regeneration for each installation, which allows remote attackers to upload arbitrary .php files via …
|
NVD-CWE-noinfo
|
CVE-2017-16920
|
2024-11-21 12:17 |
2017-11-21 |
|
252006
|
5.4 |
MEDIUM
Network
|
mapos_project
|
mapos
|
MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in /clientes/visualizar, which allows remote attackers to inject arbitrary web script or HTML via a crafted description …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16919
|
2024-11-21 12:17 |
2017-11-21 |
|
252007
|
9.8 |
CRITICAL
Network
|
ffmpeg debian
|
ffmpeg debian_linux
|
The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related t…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16840
|
2024-11-21 12:17 |
2017-11-21 |
|
252008
|
5.4 |
MEDIUM
Network
|
horde
|
groupware
|
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16908
|
2024-11-21 12:17 |
2017-11-21 |
|
252009
|
5.4 |
MEDIUM
Network
|
horde
|
groupware
|
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16907
|
2024-11-21 12:17 |
2017-11-21 |
|
252010
|
5.4 |
MEDIUM
Network
|
horde
|
groupware
|
In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16906
|
2024-11-21 12:17 |
2017-11-21 |
|