|
257701
|
9.8 |
CRITICAL
Network
|
advantech
|
webaccess
|
An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code …
|
CWE-287
Improper Authentication
|
CVE-2017-12698
|
2024-11-21 12:10 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257702
|
9.8 |
CRITICAL
Network
|
intel
debian
|
connman
debian_linux
|
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string pass…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-12865
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257703
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-12875
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257704
|
5.9 |
MEDIUM
Network
|
simplesamlphp
|
simplesamlphp
|
The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset.
|
CWE-613
Insufficient Session Expiration
|
CVE-2017-12867
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257705
|
6.1 |
MEDIUM
Network
|
c.p.sub_project
|
c.p.sub
|
Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12856
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257706
|
5.5 |
MEDIUM
Local
|
mpg123
|
mpg123
|
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which trig…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-12797
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257707
|
7.5 |
HIGH
Network
|
question2answer
|
question2answer
|
qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts.
|
CWE-20
Improper Input Validation
|
CVE-2017-12775
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257708
|
8.8 |
HIGH
Network
|
nomachine
|
nomachine
|
An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-12763
|
2024-11-21 12:10 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257709
|
6.5 |
MEDIUM
Network
|
libgig0
|
libgig
|
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-12954
|
2024-11-21 12:10 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257710
|
6.5 |
MEDIUM
Network
|
libgig0
|
libgig
|
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-12953
|
2024-11-21 12:10 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
