| 247531 | 8.8 | HIGH Network | entropymine | imageworsener | libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (applica… | CWE-682 Incorrect Calculation | CVE-2017-8326 | 2024-11-21 12:33 | 2017-04-30 |
| 247532 | 8.8 | HIGH Network | entropymine | imageworsener | The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-8325 | 2024-11-21 12:33 | 2017-04-30 |
| 247533 | 8.8 | HIGH Network | roundcube | webmail | Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly rest… | CWE-269 Improper Privilege Management | CVE-2017-8114 | 2024-11-21 12:33 | 2017-04-30 |
| 247534 | 7.5 | HIGH Network | xstream_project debian | xstream debian_linux | XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application cr… | CWE-20 Improper Input Validation | CVE-2017-7957 | 2024-11-21 12:33 | 2017-04-30 |
| 247535 | 8.8 | HIGH Network | enalean phpwiki_project | tuleap phpwiki | Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before … | CWE-78 OS Command | CVE-2017-7981 | 2024-11-21 12:33 | 2017-04-30 |
| 247536 | 9.8 | CRITICAL Network | paloaltonetworks | pan-os | The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempt… | CWE-209 Information Exposure Through an Error Message | CVE-2017-7945 | 2024-11-21 12:33 | 2017-04-29 |
| 247537 | 9.8 | CRITICAL Network | 13thmonkey | udfclient | The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-8305 | 2024-11-21 12:33 | 2017-04-28 |
| 247538 | 7.5 | HIGH Network | avast | antivirus | In Avast Antivirus before v17, an unprivileged user (and thus malware or a virus) can mark an arbitrary process as Trusted from the perspective of the Avast product. This bypasses the Self-Defense fe… | CWE-269 Improper Privilege Management | CVE-2017-8308 | 2024-11-21 12:33 | 2017-04-28 |
| 247539 | 9.8 | CRITICAL Network | avast | antivirus | In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulner… | NVD-CWE-noinfo | CVE-2017-8307 | 2024-11-21 12:33 | 2017-04-28 |
| 247540 | 5.4 | MEDIUM Network | blueriver | muracms | Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/vie… | CWE-79 Cross-site Scripting | CVE-2017-8302 | 2024-11-21 12:33 | 2017-04-28 |