|
247151
|
6.5 |
MEDIUM
Network
|
openexr
|
openexr
|
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
|
NVD-CWE-noinfo
|
CVE-2017-9110
|
2024-11-21 12:35 |
2017-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247152
|
9.8 |
CRITICAL
Network
|
playsms
|
playsms
|
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9101
|
2024-11-21 12:35 |
2017-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247153
|
7.3 |
HIGH
Local
|
pmail
|
pegasus
|
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbi…
|
CWE-20
Improper Input Validation
|
CVE-2017-9046
|
2024-11-21 12:35 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247154
|
7.5 |
HIGH
Network
|
secure-bytes
|
secure_cisco_auditor
|
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via…
|
CWE-22
Path Traversal
|
CVE-2017-9024
|
2024-11-21 12:35 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247155
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-600m_firmware
|
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
|
CWE-287
Improper Authentication
|
CVE-2017-9100
|
2024-11-21 12:35 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247156
|
7.5 |
HIGH
Network
|
imagemagick
graphicsmagick
debian
|
imagemagick
graphicsmagick
debian_linux
|
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2017-9098
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247157
|
6.5 |
MEDIUM
Network
|
entropymine
|
imageworsener
|
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9094
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247158
|
6.5 |
MEDIUM
Network
|
entropymine
|
imageworsener
|
The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9093
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247159
|
7.5 |
HIGH
Network
|
allen_disk_project
|
allen_disk
|
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].
|
CWE-20
Improper Input Validation
|
CVE-2017-9091
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247160
|
7.5 |
HIGH
Network
|
allen_disk_project
|
allen_disk
|
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].
|
CWE-20
Improper Input Validation
|
CVE-2017-9090
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
