| 258231 | 9.8 | CRITICAL | Network | phicomm | k2\(psg1218\)-firmware | PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated acc… | CWE-20: Improper Input Validation | CVE-2017-11495 | 2024-11-21 12:07 | 2017-07-21 |
| 258232 | 6.5 | MEDIUM | Network | imagemagick | imagemagick | The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a ma… | CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-11478 | 2024-11-21 12:07 | 2017-07-21 |
| 258233 | 8.8 | HIGH | Network | glpi-project | glpi | GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. | CWE-89: SQL Injection | CVE-2017-11475 | 2024-11-21 12:07 | 2017-07-20 |
| 258234 | 9.8 | CRITICAL | Network | glpi-project | glpi | GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. | CWE-89: SQL Injection | CVE-2017-11474 | 2024-11-21 12:07 | 2017-07-20 |
| 258235 | 7.8 | HIGH | Local | linux, canonical | linux_kernel, ubuntu_linux | Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table. | CWE-120: Classic Buffer Overflow | CVE-2017-11473 | 2024-11-21 12:07 | 2017-07-20 |
| 258236 | 7.1 | HIGH | Local | linux | linux_kernel | The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain s… | CWE-755: Improper Handling of Exceptional Conditions | CVE-2017-11472 | 2024-11-21 12:07 | 2017-07-20 |
| 258237 | 9.8 | CRITICAL | Network | idera | uptime_infrastructure_monitor | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter. | CWE-89: SQL Injection | CVE-2017-11471 | 2024-11-21 12:07 | 2017-07-20 |
| 258238 | 9.8 | CRITICAL | Network | idera | uptime_infrastructure_monitor | IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter. | CWE-89: SQL Injection | CVE-2017-11470 | 2024-11-21 12:07 | 2017-07-20 |
| 258239 | 7.5 | HIGH | Network | idera | uptime_infrastructure_monitor | get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter. | CWE-22: Path Traversal | CVE-2017-11469 | 2024-11-21 12:07 | 2017-07-20 |
| 258240 | 9.8 | CRITICAL | Network | orientdb | orientdb | OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request. | CWE-269: Improper Privilege Management | CVE-2017-11467 | 2024-11-21 12:07 | 2017-07-20 |