|
252541
|
9.8 |
CRITICAL
Network
|
ninka_project
|
ninka
|
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.
|
CWE-74
Injection
|
CVE-2017-7239
|
2024-11-21 12:31 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252542
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose_embedded_web_server_library
mongoose_os
|
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows r…
|
CWE-416
Use After Free
|
CVE-2017-7185
|
2024-11-21 12:31 |
2017-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252543
|
9.8 |
CRITICAL
Network
|
spiceworks
|
spiceworks
|
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of th…
|
NVD-CWE-noinfo
|
CVE-2017-7237
|
2024-11-21 12:31 |
2017-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252544
|
7.5 |
HIGH
Network
|
starscream_project
|
starscream
|
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
|
CWE-295
Improper Certificate Validation
|
CVE-2017-7192
|
2024-11-21 12:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252545
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-7454
|
2024-11-21 12:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252546
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7453
|
2024-11-21 12:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252547
|
5.5 |
MEDIUM
Local
|
entropymine
|
imageworsener
|
The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-7452
|
2024-11-21 12:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252548
|
9.8 |
CRITICAL
Network
|
airtame
|
hdmi_dongle_firmware
|
AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot,…
|
CWE-287
Improper Authentication
|
CVE-2017-7450
|
2024-11-21 12:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252549
|
5.5 |
MEDIUM
Local
|
dropbox
|
lepton
|
The allocate_channel_framebuffer function in uncompressed_components.hh in Dropbox Lepton 1.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a…
|
CWE-369
Divide By Zero
|
CVE-2017-7448
|
2024-11-21 12:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252550
|
8.8 |
HIGH
Network
|
helpdezk
|
helpdezk
|
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
|
CWE-352
Origin Validation Error
|
CVE-2017-7447
|
2024-11-21 12:31 |
2017-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
