|
253331
|
8.8 |
HIGH
Network
|
claydip
|
airbnb_clone
|
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14704
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253332
|
7.2 |
HIGH
Network
|
citrix
|
netscaler_gateway_firmware
application_delivery_controller_firmware
|
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e…
|
CWE-287
Improper Authentication
|
CVE-2017-14602
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253333
|
9.8 |
CRITICAL
Network
|
cashbackcomparisonscript
|
cash_back_comparison
|
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
|
CWE-89
SQL Injection
|
CVE-2017-14703
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253334
|
6.1 |
MEDIUM
Network
|
baidu
|
ueditor
|
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14744
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253335
|
8.1 |
HIGH
Network
|
faleemi
|
fsc-880_firmware
|
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
|
CWE-89
SQL Injection
|
CVE-2017-14743
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253336
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-14741
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253337
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL P…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14739
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253338
|
5.5 |
MEDIUM
Local
|
botan_project
debian
|
botan
debian_linux
|
A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as d…
|
NVD-CWE-noinfo
|
CVE-2017-14737
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253339
|
6.1 |
MEDIUM
Network
|
antisamy_project
|
antisamy
|
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14735
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253340
|
8.8 |
HIGH
Network
|
libbpg_project
|
libbpg
|
The build_msps function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14734
|
2024-11-21 12:13 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
