|
257081
|
6.1 |
MEDIUM
Network
|
nexusphp_project
|
nexusphp
|
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12907
|
2024-11-21 12:10 |
2017-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257082
|
7.8 |
HIGH
Local
|
foxitsoftware
|
pdf_compressor
|
Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the curren…
|
CWE-426
Untrusted Search Path
|
CVE-2017-12892
|
2024-11-21 12:10 |
2017-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257083
|
8.8 |
HIGH
Network
|
opencv
debian
|
opencv
debian_linux
|
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did not checkout the input length, which lead to integer overflow. If the image is from remote, may lead to remote code execution or…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12864
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257084
|
8.8 |
HIGH
Network
|
opencv
debian
|
opencv
debian_linux
|
In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::readData has an integer overflow when calculate src_pitch. If the image is from remote, may lead to remote code execution or denial…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12863
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257085
|
8.8 |
HIGH
Network
|
opencv
debian
|
opencv
debian_linux
|
In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffer _src is small than expected, which will cause copy buffer overflow later. If the image is from remote, may lead to remote code …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-12862
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257086
|
7.5 |
HIGH
Network
|
numpy
|
numpy
|
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-12852
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257087
|
6.5 |
MEDIUM
Local
|
xen
|
xen
|
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is fre…
|
CWE-200
Information Exposure
|
CVE-2017-12855
|
2024-11-21 12:10 |
2017-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257088
|
8.8 |
HIGH
Network
|
rtsindia
|
rwr-3g-100_firmware
|
The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affected by CSRF an attack that forces an end user to execute unwanted actions on a web application in which they're currently authentic…
|
CWE-352
Origin Validation Error
|
CVE-2017-12853
|
2024-11-21 12:10 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257089
|
8.8 |
HIGH
Network
|
kanboard
|
kanboard
|
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-12851
|
2024-11-21 12:10 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257090
|
8.8 |
HIGH
Network
|
kanboard
|
kanboard
|
An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-12850
|
2024-11-21 12:10 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
