| 248431 | 5.5 | MEDIUM Local | libsndfile_project | libsndfile | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file duri… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7742 | 2024-11-21 12:32 | 2017-04-13 |
| 248432 | 5.5 | MEDIUM Local | libsndfile_project | libsndfile | In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file dur… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7741 | 2024-11-21 12:32 | 2017-04-13 |
| 248433 | 10.0 | CRITICAL Network | solarwinds | log_\&_event_manager | In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiti… | CWE-77 Command Injection | CVE-2017-7722 | 2024-11-21 12:32 | 2017-04-13 |
| 248434 | 9.8 | CRITICAL Network | web-dorado | spider_event_calendar | SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_function… | CWE-89 SQL Injection | CVE-2017-7719 | 2024-11-21 12:32 | 2017-04-13 |
| 248435 | 5.5 | MEDIUM Local | radare | radare2 | The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembl… | CWE-125 Out-of-bounds Read | CVE-2017-7716 | 2024-11-21 12:32 | 2017-04-13 |
| 248436 | 9.8 | CRITICAL Network | brother | mfc_firmware dcp_firmware ads_firmware hl_firmware | On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW… | CWE-287 Improper Authentication | CVE-2017-7588 | 2024-11-21 12:32 | 2017-04-12 |
| 248437 | 5.5 | MEDIUM Local | libsamplerate_project debian | libsamplerate debian_linux | In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file. | CWE-125 Out-of-bounds Read | CVE-2017-7697 | 2024-11-21 12:32 | 2017-04-12 |
| 248438 | 9.8 | CRITICAL Network | bigtreecms | bigtree_cms | Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-7695 | 2024-11-21 12:32 | 2017-04-12 |
| 248439 | 8.8 | HIGH Network | getsymphony | symphony | Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. … | CWE-94 Code Injection | CVE-2017-7694 | 2024-11-21 12:32 | 2017-04-12 |
| 248440 | 9.8 | CRITICAL Network | sap | trex | A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | CWE-94 Code Injection | CVE-2017-7691 | 2024-11-21 12:32 | 2017-04-12 |