|
256261
|
6.5 |
MEDIUM
Network
|
dasinfomedia
|
annual_maintenance_contract_management_system
|
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14841
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256262
|
8.8 |
HIGH
Network
|
teamworktec
|
ticketplus
|
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14840
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256263
|
8.8 |
HIGH
Network
|
teamworktec
|
photo_fusion
|
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14839
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256264
|
8.8 |
HIGH
Network
|
teamworktec
|
job_links
|
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-14838
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256265
|
8.8 |
HIGH
Network
|
libbpg_project
|
libbpg
|
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via …
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-14796
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256266
|
8.8 |
HIGH
Network
|
libbpg_project
|
libbpg
|
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14795
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256267
|
5.9 |
MEDIUM
Network
|
laravel
|
laravel
|
Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
|
CWE-200
Information Exposure
|
CVE-2017-14775
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256268
|
6.1 |
MEDIUM
Network
|
2kblater
|
2kb_amazon_affiliates_store
|
Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14622
|
2024-11-21 12:13 |
2017-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256269
|
8.8 |
HIGH
Network
|
ffmpeg
|
ffmpeg
|
The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (h…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14767
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256270
|
7.5 |
HIGH
Network
|
saadamin
|
simple_student_result
|
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php…
|
CWE-287
Improper Authentication
|
CVE-2017-14766
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
