|
257981
|
7.5 |
HIGH
Network
|
yaws
|
yaws
|
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protec…
|
CWE-22
Path Traversal
|
CVE-2017-10974
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257982
|
9.8 |
CRITICAL
Network
|
finecms_project
|
finecms
|
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
|
CWE-94
Code Injection
|
CVE-2017-10968
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257983
|
6.5 |
MEDIUM
Network
|
finecms_project
|
finecms
|
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-10973
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257984
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10967
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257985
|
7.5 |
HIGH
Network
|
swftools
|
swftools
|
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-10976
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257986
|
6.1 |
MEDIUM
Network
|
lutim_project
|
lutim
|
Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification an…
|
CWE-79
Cross-site Scripting
|
CVE-2017-10975
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257987
|
6.5 |
MEDIUM
Network
|
x.org
|
xorg-server
|
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X serve…
|
CWE-665
Improper Initialization
|
CVE-2017-10972
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257988
|
8.8 |
HIGH
Network
|
x.org
|
xorg-server
|
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-10971
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257989
|
5.4 |
MEDIUM
Network
|
cacti
|
cacti
|
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error fun…
|
CWE-79
Cross-site Scripting
|
CVE-2017-10970
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257990
|
7.8 |
HIGH
Local
|
irfanview
|
irfanview
fpx
|
IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to a "Read Access Violation s…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-10926
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
