|
256161
|
7.5 |
HIGH
Network
|
gnu
|
binutils
|
dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15938
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256162
|
6.5 |
MEDIUM
Network
|
artica
|
pandora_fms
|
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /v…
|
CWE-200
Information Exposure
|
CVE-2017-15937
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256163
|
5.4 |
MEDIUM
Network
|
artica
|
pandora_fms
|
In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15936
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256164
|
7.2 |
HIGH
Network
|
artica
|
pandora_fms
|
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.
|
CWE-94
Code Injection
|
CVE-2017-15935
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256165
|
5.4 |
MEDIUM
Network
|
artica
|
pandora_fms
|
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15934
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256166
|
7.2 |
HIGH
Network
|
eyesofnetwork
|
eyesofnetwork
|
SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to …
|
CWE-89
SQL Injection
|
CVE-2017-15933
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256167
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing t…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-15932
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256168
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit syst…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-15931
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256169
|
8.8 |
HIGH
Network
|
graphicsmagick
debian
|
graphicsmagick
debian_linux
|
In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Pointer Dereference occurs while transferring JPEG scanlines, related to a PixelPacket pointer.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15930
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256170
|
7.5 |
HIGH
Network
|
ox_project
|
ox
|
In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but…
|
CWE-20
Improper Input Validation
|
CVE-2017-15928
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
