|
248481
|
5.5 |
MEDIUM
Local
|
libsndfile_project
|
libsndfile
|
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7585
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248482
|
7.8 |
HIGH
Local
|
foxitsoftware
|
foxit_pdf_toolkit
|
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7584
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248483
|
6.1 |
MEDIUM
Network
|
ilias
|
ilias
|
ILIAS before 5.2.3 has XSS via SVG documents.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7583
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248484
|
9.8 |
CRITICAL
Network
|
news_system_project
|
news_system
|
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand f…
|
CWE-89
SQL Injection
|
CVE-2017-7581
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248485
|
6.1 |
MEDIUM
Network
|
phpmyfaq
|
phpmyfaq
|
inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7579
|
2024-11-21 12:32 |
2017-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248486
|
7.8 |
HIGH
Local
|
libming
|
libming
|
Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a craft…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7578
|
2024-11-21 12:32 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248487
|
9.8 |
CRITICAL
Network
|
xiongmaitech
|
uc-httpd
|
XiongMai uc-httpd has directory traversal allowing the reading of arbitrary files via a "GET ../" HTTP request.
|
CWE-22
Path Traversal
|
CVE-2017-7577
|
2024-11-21 12:32 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248488
|
8.8 |
HIGH
Network
|
pivotx
|
pivotx
|
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to ch…
|
CWE-94
Code Injection
|
CVE-2017-7570
|
2024-11-21 12:32 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248489
|
9.8 |
CRITICAL
Network
|
dragonwavex
|
horizon_wireless_radio_firmware
|
DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credent…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-7576
|
2024-11-21 12:32 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248490
|
9.8 |
CRITICAL
Network
|
schneider-electric
|
modicon_tm221ce16r_firmware
|
Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote attackers to discover the application-protection password via a \x00\x01\x00\x00\x00\x05\x01\x5a\x00\x03\x00 request to the Modbus p…
|
CWE-200
Information Exposure
|
CVE-2017-7575
|
2024-11-21 12:32 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
