|
247711
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-8830
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247712
|
7.8 |
HIGH
Local
|
debian
|
lintian
|
Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-8829
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247713
|
9.1 |
CRITICAL
Network
|
genixcms
|
genixcms
|
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks vi…
|
CWE-287
Improper Authentication
|
CVE-2017-8827
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247714
|
7.5 |
HIGH
Network
|
gnu
|
glibc
|
The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-8804
|
2024-11-21 12:34 |
2017-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247715
|
6.1 |
MEDIUM
Network
|
trendmicro
|
officescan
|
Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8801
|
2024-11-21 12:34 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247716
|
9.8 |
CRITICAL
Network
|
irods
|
irods
|
Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To …
|
CWE-78
OS Command
|
CVE-2017-8799
|
2024-11-21 12:34 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247717
|
9.8 |
CRITICAL
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because mysql_real_escape_string is misused, seos/courier/communication_p2p.php allows SQL injection with the app_id parameter.
|
CWE-89
SQL Injection
|
CVE-2017-8796
|
2024-11-21 12:34 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247718
|
6.1 |
MEDIUM
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8795
|
2024-11-21 12:34 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247719
|
10.0 |
CRITICAL
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Because a regular expression (intended to match local https URLs) lacks an initial ^ character, courier/web/1000@/wmProgressval.h…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-8794
|
2024-11-21 12:34 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247720
|
8.8 |
HIGH
Network
|
accellion
|
file_transfer_appliance
|
An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the …
|
CWE-346
Origin Validation Error
|
CVE-2017-8793
|
2024-11-21 12:34 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
