|
252651
|
8.8 |
HIGH
Adjacent
|
dlink
|
dir-600m_firmware
|
login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.
|
CWE-287
Improper Authentication
|
CVE-2017-9100
|
2024-11-21 12:35 |
2017-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252652
|
7.5 |
HIGH
Network
|
imagemagick
graphicsmagick
debian
|
imagemagick
graphicsmagick
debian_linux
|
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2017-9098
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252653
|
6.5 |
MEDIUM
Network
|
entropymine
|
imageworsener
|
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9094
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252654
|
6.5 |
MEDIUM
Network
|
entropymine
|
imageworsener
|
The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-9093
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252655
|
7.5 |
HIGH
Network
|
allen_disk_project
|
allen_disk
|
/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].
|
CWE-20
Improper Input Validation
|
CVE-2017-9091
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252656
|
7.5 |
HIGH
Network
|
allen_disk_project
|
allen_disk
|
reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].
|
CWE-20
Improper Input Validation
|
CVE-2017-9090
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252657
|
6.5 |
MEDIUM
Network
|
freedesktop
|
poppler
|
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-9083
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252658
|
8.8 |
HIGH
Network
|
playsms
|
playsms
|
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9080
|
2024-11-21 12:35 |
2017-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252659
|
4.7 |
MEDIUM
Local
|
dropbear_ssh_project
debian
|
dropbear_ssh
debian_linux
|
Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is re…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-9079
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252660
|
8.8 |
HIGH
Network
|
dropbear_ssh_project
debian
netapp
|
dropbear_ssh
debian_linux
h410c_firmware
|
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
|
CWE-415
Double Free
|
CVE-2017-9078
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
