|
252551
|
5.5 |
MEDIUM
Local
|
gnu
|
libextractor
|
In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-15922
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252552
|
9.8 |
CRITICAL
Network
|
accesspressthemes
|
ultimate-form-builder-lite
|
The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.
|
CWE-89
SQL Injection
|
CVE-2017-15919
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252553
|
6.5 |
MEDIUM
Network
|
paessler
|
prtg_network_monitor
|
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.
|
CWE-269
Improper Privilege Management
|
CVE-2017-15917
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252554
|
4.8 |
MEDIUM
Network
|
igniterealtime
|
openfire
|
The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15911
|
2024-11-21 12:15 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252555
|
7.5 |
HIGH
Network
|
systemd_project
canonical
|
systemd
ubuntu_linux
|
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-re…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-15908
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252556
|
9.8 |
CRITICAL
Network
|
phpcollab
|
phpcollab
|
SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.
|
CWE-89
SQL Injection
|
CVE-2017-15907
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252557
|
7.5 |
HIGH
Network
|
londontrustmedia
|
private_internet_access
|
The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-15882
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252558
|
9.8 |
CRITICAL
Network
|
dlink
|
dgs-1500_firmware
|
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-15909
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252559
|
5.3 |
MEDIUM
Network
|
openbsd
oracle
debian
netapp
redhat
|
openssh
sun_zfs_storage_appliance_kit
debian_linux
cloud_backup
data_ontap_edge
steelstore_cloud_integrated_storage
clustered_data_ontap
solidfire
hci_management_node
activ…
|
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-15906
|
2024-11-21 12:15 |
2017-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252560
|
6.1 |
MEDIUM
Network
|
axis
|
2100_network_camera_firmware
|
Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE:…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15885
|
2024-11-21 12:15 |
2017-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
