|
247401
|
9.8 |
CRITICAL
Network
|
tp-link
|
wr841n_v8_firmware
|
The executable httpd on the TP-Link WR841N V8 router before TL-WR841N(UN)_V8_170210 contained a design flaw in the use of DES for block encryption. This resulted in incorrect access control, which al…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-9466
|
2024-11-21 12:36 |
2017-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247402
|
8.8 |
HIGH
Network
|
dolibarr
|
dolibarr
|
Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9840
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247403
|
9.8 |
CRITICAL
Network
|
easysitecms
|
easysite
|
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs ele…
|
CWE-89
SQL Injection
|
CVE-2017-9848
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247404
|
5.5 |
MEDIUM
Local
|
libtorrent
|
libtorrent
|
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9847
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247405
|
8.8 |
HIGH
Network
|
magicwinmail
|
winmail_server
|
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folde…
|
CWE-22
Path Traversal
|
CVE-2017-9846
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247406
|
4.8 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9836
|
2024-11-21 12:36 |
2017-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247407
|
7.5 |
HIGH
Network
|
boa
|
boa
|
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a …
|
CWE-22
Path Traversal
|
CVE-2017-9833
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247408
|
6.8 |
MEDIUM
Physics
|
libmtp_project
|
libmtp
|
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe rem…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-9832
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247409
|
6.8 |
MEDIUM
Physics
|
libmtp_project
|
libmtp
|
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-9831
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247410
|
7.5 |
HIGH
Network
|
vivotek
|
network_camera_ib8369_firmware
network_camera_fd8164_firmware
network_camera_fd816ba_firmware
|
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a craf…
|
CWE-22
Path Traversal
|
CVE-2017-9829
|
2024-11-21 12:36 |
2017-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
