| 265771 | 9.8 | CRITICAL | Network | gnu | ncurses | In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-10684 | 2024-11-21 12:06 | 2017-06-30 |
| 265772 | 7.5 | HIGH | Network | mpg123 | mpg123 | In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. A crafted input will lead to a remote denial of service attack. | CWE-125 Out-of-bounds Read | CVE-2017-10683 | 2024-11-21 12:06 | 2017-06-30 |
| 265773 | 9.8 | CRITICAL | Network | piwigo | piwigo | SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or stat… | CWE-89 SQL Injection | CVE-2017-10682 | 2024-11-21 12:06 | 2017-06-30 |
| 265774 | 8.8 | HIGH | Network | piwigo | piwigo | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | CWE-352 Origin Validation Error | CVE-2017-10681 | 2024-11-21 12:06 | 2017-06-30 |
| 265775 | 8.8 | HIGH | Network | piwigo | piwigo | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted re… | CWE-352 Origin Validation Error | CVE-2017-10680 | 2024-11-21 12:06 | 2017-06-30 |
| 265776 | 7.5 | HIGH | Network | piwigo | piwigo | Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID… | CWE-200 Information Exposure | CVE-2017-10679 | 2024-11-21 12:06 | 2017-06-30 |
| 265777 | 8.8 | HIGH | Network | piwigo | piwigo | Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | CWE-352 Origin Validation Error | CVE-2017-10678 | 2024-11-21 12:06 | 2017-06-30 |
| 265778 | 6.1 | MEDIUM | Network | get-simple | getsimple_cms | admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | CWE-79 Cross-site Scripting | CVE-2017-10673 | 2024-11-21 12:06 | 2017-06-29 |
| 265779 | 9.8 | CRITICAL | Network | xml-libxml_project debian | xml-libxml debian_linux | Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. | CWE-416 Use After Free | CVE-2017-10672 | 2024-11-21 12:06 | 2017-06-29 |
| 265780 | 7.8 | HIGH | Local | sthttpd_project | sthttpd | Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in sthttpd before 2.27.1 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impa… | CWE-787 Out-of-bounds Write | CVE-2017-10671 | 2024-11-21 12:06 | 2017-06-29 |