|
254641
|
7.2 |
HIGH
Network
|
seacms_project
|
seacms
|
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.
|
NVD-CWE-noinfo
|
CVE-2017-17561
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254642
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_pr4100_firmware
|
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
|
CWE-287
Improper Authentication
|
CVE-2017-17560
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254643
|
6.6 |
MEDIUM
Physics
|
linux
suse
|
linux_kernel
linux_enterprise_server
|
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-17558
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254644
|
6.5 |
MEDIUM
Network
|
aubio
ffmpeg
|
aubio
ffmpeg
libswresample
|
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of servi…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17555
|
2024-11-21 12:18 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254645
|
5.5 |
MEDIUM
Local
|
aubio
|
aubio
|
A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17554
|
2024-11-21 12:18 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254646
|
5.3 |
MEDIUM
Network
|
changyou
|
dolphin
|
The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malici…
|
NVD-CWE-noinfo
|
CVE-2017-17553
|
2024-11-21 12:18 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254647
|
8.8 |
HIGH
Network
|
changyou
|
dolphin
|
The Backup and Restore feature in Mobotap Dolphin Browser for Android 12.0.2 suffers from an arbitrary file write vulnerability when attempting to restore browser settings from a malicious Dolphin Br…
|
CWE-20
Improper Input Validation
|
CVE-2017-17551
|
2024-11-21 12:18 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254648
|
8.8 |
HIGH
Network
|
phacility
|
phabricator
|
Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a bra…
|
NVD-CWE-noinfo
|
CVE-2017-17536
|
2024-11-21 12:18 |
2017-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254649
|
8.8 |
HIGH
Network
|
lilypond
|
lilypond
|
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-inje…
|
CWE-74
Injection
|
CVE-2017-17523
|
2024-11-21 12:18 |
2017-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254650
|
8.8 |
HIGH
Network
|
sensible-utils_project
|
sensible-utils
|
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argumen…
|
CWE-74
Injection
|
CVE-2017-17512
|
2024-11-21 12:18 |
2017-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
