|
248361
|
9.1 |
CRITICAL
Network
|
xmlsoft
|
libxml2
|
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-8872
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248362
|
7.5 |
HIGH
Network
|
flatcore
|
flatcore-cms
|
acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. The risk might be limited to requests submitted through CSRF.
|
CWE-22
Path Traversal
|
CVE-2017-8868
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248363
|
9.8 |
CRITICAL
Network
|
veritas
|
netbackup_appliance
|
In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.
|
NVD-CWE-noinfo
|
CVE-2017-8859
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248364
|
9.8 |
CRITICAL
Network
|
veritas
|
netbackup_appliance
netbackup
|
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-8858
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248365
|
9.8 |
CRITICAL
Network
|
veritas
|
netbackup_appliance
netbackup
|
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated file copy and arbitrary remote command execution using the 'bprd' process.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-8857
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248366
|
9.8 |
CRITICAL
Network
|
veritas
|
netbackup_appliance
netbackup
|
In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated, arbitrary remote command execution using the 'bprd' process.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-8856
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248367
|
7.5 |
HIGH
Network
|
wolfssl
|
wolfssl
|
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.
|
NVD-CWE-noinfo
|
CVE-2017-8855
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248368
|
7.8 |
HIGH
Local
|
wolfssl
|
wolfssl
|
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8854
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248369
|
7.5 |
HIGH
Network
|
fiyo
|
fiyo_cms
|
Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.
|
CWE-22
Path Traversal
|
CVE-2017-8853
|
2024-11-21 12:34 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248370
|
6.5 |
MEDIUM
Network
|
allen_disk_project
|
allen_disk
|
Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.
|
CWE-352
Origin Validation Error
|
CVE-2017-8848
|
2024-11-21 12:34 |
2017-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
