|
247101
|
7.8 |
HIGH
Local
|
irfanview
|
irfanview
fpx
|
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "User Mode Write AV starting a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9528
|
2024-11-21 12:36 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247102
|
7.5 |
HIGH
Network
|
systemd_project
|
systemd
|
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a sp…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-9445
|
2024-11-21 12:36 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247103
|
9.8 |
CRITICAL
Network
|
code42
|
crashplan
|
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-9830
|
2024-11-21 12:36 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247104
|
9.8 |
CRITICAL
Network
|
cognito
|
moneyworks
|
Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-read…
|
CWE-532
CWE-732
Inclusion of Sensitive Information in Log Files
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-9615
|
2024-11-21 12:36 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247105
|
9.8 |
CRITICAL
Network
|
tp-link
|
wr841n_v8_firmware
|
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which al…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-9466
|
2024-11-21 12:36 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247106
|
8.8 |
HIGH
Network
|
dolibarr
|
dolibarr
|
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9840
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247107
|
9.8 |
CRITICAL
Network
|
easysitecms
|
easysite
|
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs ele…
|
CWE-89
SQL Injection
|
CVE-2017-9848
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247108
|
5.5 |
MEDIUM
Local
|
libtorrent
|
libtorrent
|
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9847
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247109
|
8.8 |
HIGH
Network
|
magicwinmail
|
winmail_server
|
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folde…
|
CWE-22
Path Traversal
|
CVE-2017-9846
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247110
|
4.8 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9836
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
