|
250631
|
7.5 |
HIGH
Network
|
wireshark
|
wireshark
|
In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/…
|
CWE-190
CWE-835
Integer Overflow or Wraparound
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-5596
|
2024-11-21 12:27 |
2017-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250632
|
7.5 |
HIGH
Network
|
pagekit
|
pagekit
|
An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is suc…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-5594
|
2024-11-21 12:27 |
2017-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250633
|
7.5 |
HIGH
Network
|
sap
|
netweaver
|
The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for…
|
CWE-200
Information Exposure
|
CVE-2017-5372
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250634
|
7.5 |
HIGH
Network
|
sybase
|
adaptive_server_enterprise
|
Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.
|
CWE-20
Improper Input Validation
|
CVE-2017-5371
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250635
|
8.8 |
HIGH
Network
|
eclinicalworks
|
patient_portal
|
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST re…
|
CWE-89
SQL Injection
|
CVE-2017-5570
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250636
|
9.8 |
CRITICAL
Network
|
eclinicalworks
|
patient_portal
|
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP…
|
CWE-89
SQL Injection
|
CVE-2017-5569
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250637
|
7.5 |
HIGH
Network
|
novell
|
open_enterprise_server
|
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total info…
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2017-5182
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250638
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5575
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250639
|
9.8 |
CRITICAL
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5574
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250640
|
8.8 |
HIGH
Network
|
libtiff
|
libtiff
|
LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5563
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
