|
250641
|
8.1 |
HIGH
Network
|
foxitsoftware
|
foxit_reader
phantompdf
|
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and a…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5556
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250642
|
8.1 |
HIGH
Network
|
oneplus
|
oxygenos
|
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attac…
|
CWE-287
Improper Authentication
|
CVE-2017-5554
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250643
|
5.4 |
MEDIUM
Network
|
b2evolution
|
b2evolution
|
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a jav…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5553
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250644
|
9.1 |
CRITICAL
Network
|
b2evolution
|
b2evolution
|
The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\/ to bypass the filter rule. Then, this attacker can exploit t…
|
CWE-22
Path Traversal
|
CVE-2017-5539
|
2024-11-21 12:27 |
2017-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250645
|
9.1 |
CRITICAL
Network
|
libimobiledevice
|
libplist
|
The main function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via App…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5545
|
2024-11-21 12:27 |
2017-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250646
|
9.8 |
CRITICAL
Network
|
intelliants
|
subrion
|
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
|
CWE-94
Code Injection
|
CVE-2017-5543
|
2024-11-21 12:27 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250647
|
6.1 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-fold…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5542
|
2024-11-21 12:27 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250648
|
5.3 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder…
|
CWE-22
Path Traversal
|
CVE-2017-5541
|
2024-11-21 12:27 |
2017-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250649
|
6.1 |
MEDIUM
Network
|
eclinicalworks
|
patient_portal
|
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inse…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5599
|
2024-11-21 12:27 |
2017-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250650
|
7.5 |
HIGH
Network
|
quagga
|
quagga
|
All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. When Q…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5495
|
2024-11-21 12:27 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
