|
255061
|
7.8 |
HIGH
Local
|
sandboxie
|
sandboxie_installer
|
Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading Vulnerability via a Trojan horse dwmapi.dll or profapi.dll file in an AppData\Local\Temp directory.
|
CWE-426
Untrusted Search Path
|
CVE-2017-12480
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255062
|
6.5 |
MEDIUM
Network
|
slims
|
akasia
|
SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue because of directory traversal in the url parameter to admin/help.php. It can be exploited by remote authenticated librarian users.
|
CWE-22
Path Traversal
|
CVE-2017-12586
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255063
|
8.8 |
HIGH
Network
|
slims
|
akasia
|
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be explo…
|
CWE-89
SQL Injection
|
CVE-2017-12585
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255064
|
8.8 |
HIGH
Network
|
slims
|
senayan_library_management_system
|
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to…
|
CWE-352
Origin Validation Error
|
CVE-2017-12584
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255065
|
6.1 |
MEDIUM
Network
|
dokuwiki
|
dokuwiki
|
DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12583
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255066
|
7.5 |
HIGH
Network
|
brother
|
dcp-j132w_firmware
|
Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by se…
|
NVD-CWE-noinfo
|
CVE-2017-12568
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255067
|
4.8 |
MEDIUM
Network
|
splunk
|
splunk
|
Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrat…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12572
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255068
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMVGImage in coders/mvg.c, which allows attackers to cause a denial of service, related to the function ReadSVGImage i…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12566
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255069
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12565
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255070
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-12564
|
2024-11-21 12:09 |
2017-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
