|
258551
|
7.8 |
HIGH
Local
|
internet-soft
|
ftp_commander
|
InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file.
|
CWE-426
Untrusted Search Path
|
CVE-2017-11749
|
2024-11-21 12:08 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258552
|
7.8 |
HIGH
Local
|
softonic
|
spider_player
|
VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file.
|
CWE-426
Untrusted Search Path
|
CVE-2017-11748
|
2024-11-21 12:08 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258553
|
5.5 |
MEDIUM
Local
|
tinyproxy_project
|
tinyproxy
|
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leverag…
|
CWE-269
Improper Privilege Management
|
CVE-2017-11747
|
2024-11-21 12:08 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258554
|
7.5 |
HIGH
Network
|
inversepath
|
tenshi
|
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tens…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2017-11746
|
2024-11-21 12:08 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258555
|
6.1 |
MEDIUM
Network
|
modx
|
modx_revolution
|
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when t…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11744
|
2024-11-21 12:08 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258556
|
7.8 |
HIGH
Local
|
libexpat_project
|
libexpat
|
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working d…
|
CWE-426
Untrusted Search Path
|
CVE-2017-11742
|
2024-11-21 12:08 |
2017-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258557
|
6.1 |
MEDIUM
Network
|
rspamd_project
|
rspamd
|
interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11737
|
2024-11-21 12:08 |
2017-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258558
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.
|
CWE-89
SQL Injection
|
CVE-2017-11736
|
2024-11-21 12:08 |
2017-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258559
|
5.5 |
MEDIUM
Local
|
libming
|
ming
|
A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11734
|
2024-11-21 12:08 |
2017-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258560
|
5.5 |
MEDIUM
Local
|
libming
debian
|
ming
debian_linux
|
A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service vi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-11733
|
2024-11-21 12:08 |
2017-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
