|
255021
|
7.5 |
HIGH
Network
|
vonage
|
vdv-23_firmware
|
On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16902
|
2024-11-21 12:17 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255022
|
7.1 |
HIGH
Local
|
xfig_project
debian
|
xfig
debian_linux
|
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-16899
|
2024-11-21 12:17 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255023
|
5.5 |
MEDIUM
Local
|
libming
|
libming
|
The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a dif…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16898
|
2024-11-21 12:17 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255024
|
9.8 |
CRITICAL
Network
|
tt-rss
|
tiny_tiny_rss
|
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.
|
CWE-89
SQL Injection
|
CVE-2017-16896
|
2024-11-21 12:17 |
2017-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255025
|
7.5 |
HIGH
Network
|
laravel
|
laravel
|
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav…
|
CWE-200
Information Exposure
|
CVE-2017-16894
|
2024-11-21 12:17 |
2017-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255026
|
7.5 |
HIGH
Network
|
bftpd_project
|
bftpd
|
In Bftpd before 4.7, there is a memory leak in the file rename function.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-16892
|
2024-11-21 12:17 |
2017-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255027
|
6.5 |
MEDIUM
Network
|
libming
|
libming
|
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf fil…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-16883
|
2024-11-21 12:17 |
2017-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255028
|
7.8 |
HIGH
Local
|
icinga
|
icinga
|
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-16882
|
2024-11-21 12:17 |
2017-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255029
|
6.1 |
MEDIUM
Network
|
symphony_project
|
symphony
|
b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16881
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255030
|
6.1 |
MEDIUM
Network
|
whoops_project
|
whoops
|
The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16880
|
2024-11-21 12:17 |
2017-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
