|
257171
|
6.5 |
MEDIUM
Network
|
graphicsmagick
|
graphicsmagick
|
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11722
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257172
|
9.1 |
CRITICAL
Network
|
medhost
|
medhost_document_management_system
|
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate direct…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11694
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257173
|
9.1 |
CRITICAL
Network
|
medhost
|
medhost_document_management_system
|
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11693
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257174
|
7.8 |
HIGH
Local
|
ffmpeg
|
ffmpeg
|
The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3.0 through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other imp…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11719
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257175
|
6.1 |
MEDIUM
Network
|
metinfo_project
|
metinfo
|
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
|
CWE-601
Open Redirect
|
CVE-2017-11718
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257176
|
7.5 |
HIGH
Network
|
metinfo_project
|
metinfo
|
MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stre…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2017-11717
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257177
|
6.1 |
MEDIUM
Network
|
metinfo_project
|
metinfo
|
MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11716
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257178
|
9.8 |
CRITICAL
Network
|
metinfo_project
|
metinfo
|
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .pht…
|
CWE-94
Code Injection
|
CVE-2017-11715
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257179
|
7.8 |
HIGH
Local
|
artifex
debian
|
ghostscript
debian_linux
|
psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the scanner state structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecif…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11714
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257180
|
7.5 |
HIGH
Network
|
boozt
|
boozt
|
The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the …
|
CWE-200
Information Exposure
|
CVE-2017-11706
|
2024-11-21 12:08 |
2017-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
