|
254061
|
4.3 |
MEDIUM
Network
|
techno_-_portfolio_management_panel_project
|
techno_-_portfolio_management_panel
|
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
|
CWE-862
Missing Authorization
|
CVE-2017-17693
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254062
|
8.8 |
HIGH
Network
|
videolan
debian
|
vlc_media_player
debian_linux
|
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be …
|
CWE-416
Use After Free
|
CVE-2017-17670
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254063
|
8.8 |
HIGH
Network
|
gjots2_project
|
gjots2
|
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-inje…
|
CWE-74
Injection
|
CVE-2017-17535
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254064
|
8.8 |
HIGH
Network
|
mensis_project
|
mensis
|
uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection at…
|
CWE-74
Injection
|
CVE-2017-17534
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254065
|
8.8 |
HIGH
Network
|
tkabber_project
|
tkabber
|
default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attac…
|
CWE-74
Injection
|
CVE-2017-17533
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254066
|
8.8 |
HIGH
Network
|
kiwi_project
|
kiwi
|
examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct arg…
|
CWE-74
Injection
|
CVE-2017-17532
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254067
|
8.8 |
HIGH
Network
|
gnu
|
global
|
gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection at…
|
CWE-74
Injection
|
CVE-2017-17531
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254068
|
8.8 |
HIGH
Network
|
geomview
|
geomview
|
common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection …
|
CWE-74
Injection
|
CVE-2017-17530
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254069
|
8.8 |
HIGH
Network
|
abisource
|
abiword
|
af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argume…
|
CWE-74
Injection
|
CVE-2017-17529
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254070
|
8.8 |
HIGH
Network
|
scummvm
|
scummvm
|
backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to cond…
|
CWE-74
Injection
|
CVE-2017-17528
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
