| 247241 | 7.5 | HIGH Network | secure-bytes | secure_cisco_auditor | Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via… | CWE-22 Path Traversal | CVE-2017-9024 | 2024-11-21 12:35 | 2017-05-21 |
| 247242 | 8.8 | HIGH Adjacent | dlink | dir-600m_firmware | login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | CWE-287 Improper Authentication | CVE-2017-9100 | 2024-11-21 12:35 | 2017-05-21 |
| 247243 | 7.5 | HIGH Network | imagemagick graphicsmagick debian | imagemagick graphicsmagick debian_linux | ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated … | CWE-908 Use of Uninitialized Resource | CVE-2017-9098 | 2024-11-21 12:35 | 2017-05-20 |
| 247244 | 6.5 | MEDIUM Network | entropymine | imageworsener | The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-9094 | 2024-11-21 12:35 | 2017-05-20 |
| 247245 | 6.5 | MEDIUM Network | entropymine | imageworsener | The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-9093 | 2024-11-21 12:35 | 2017-05-20 |
| 247246 | 7.5 | HIGH Network | allen_disk_project | allen_disk | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | CWE-20 Improper Input Validation | CVE-2017-9091 | 2024-11-21 12:35 | 2017-05-20 |
| 247247 | 7.5 | HIGH Network | allen_disk_project | allen_disk | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | CWE-20 Improper Input Validation | CVE-2017-9090 | 2024-11-21 12:35 | 2017-05-20 |
| 247248 | 6.5 | MEDIUM Network | freedesktop | poppler | poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation … | CWE-476 NULL Pointer Dereference | CVE-2017-9083 | 2024-11-21 12:35 | 2017-05-20 |
| 247249 | 8.8 | HIGH Network | playsms | playsms | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-9080 | 2024-11-21 12:35 | 2017-05-20 |
| 247250 | 4.7 | MEDIUM Local | dropbear_ssh_project debian | dropbear_ssh debian_linux | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is re… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-9079 | 2024-11-21 12:35 | 2017-05-19 |