| 249241 | 8.8 | HIGH / Network | libtiff | libtiff | LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff. | CWE-125 Out-of-bounds Read | CVE-2017-5563 | 2024-11-21 12:27 | 2017-01-23 |
| 249242 | 8.1 | HIGH / Network | foxitsoftware | foxit_reader phantompdf | The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and a… | CWE-125 Out-of-bounds Read | CVE-2017-5556 | 2024-11-21 12:27 | 2017-01-23 |
| 249243 | 8.1 | HIGH / Network | oneplus | oxygenos | An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attac… | CWE-287 Improper Authentication | CVE-2017-5554 | 2024-11-21 12:27 | 2017-01-23 |
| 249244 | 5.4 | MEDIUM / Network | b2evolution | b2evolution | Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a jav… | CWE-79 Cross-site Scripting | CVE-2017-5553 | 2024-11-21 12:27 | 2017-01-23 |
| 249245 | 9.1 | CRITICAL / Network | b2evolution | b2evolution | The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit t… | CWE-22 Path Traversal | CVE-2017-5539 | 2024-11-21 12:27 | 2017-01-23 |
| 249246 | 9.1 | CRITICAL / Network | libimobiledevice | libplist | The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via App… | CWE-125 Out-of-bounds Read | CVE-2017-5545 | 2024-11-21 12:27 | 2017-01-21 |
| 249247 | 9.8 | CRITICAL / Network | intelliants | subrion | includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request. | CWE-94 Code Injection | CVE-2017-5543 | 2024-11-21 12:27 | 2017-01-20 |
| 249248 | 6.1 | MEDIUM / Network | getsymphony | symphony | Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-fold… | CWE-79 Cross-site Scripting | CVE-2017-5542 | 2024-11-21 12:27 | 2017-01-20 |
| 249249 | 5.3 | MEDIUM / Network | getsymphony | symphony | Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder… | CWE-22 Path Traversal | CVE-2017-5541 | 2024-11-21 12:27 | 2017-01-20 |
| 249250 | 6.1 | MEDIUM / Network | eclinicalworks | patient_portal | An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inse… | CWE-79 Cross-site Scripting | CVE-2017-5599 | 2024-11-21 12:27 | 2017-01-27 |