| 253181 | 7.5 | HIGH | Network | allen_disk_project | allen_disk | /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | CWE-20 Improper Input Validation | CVE-2017-9091 | 2024-11-21 12:35 | 2017-05-20 |
| 253182 | 7.5 | HIGH | Network | allen_disk_project | allen_disk | reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | CWE-20 Improper Input Validation | CVE-2017-9090 | 2024-11-21 12:35 | 2017-05-20 |
| 253183 | 6.5 | MEDIUM | Network | freedesktop | poppler | poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation … | CWE-476 NULL Pointer Dereference | CVE-2017-9083 | 2024-11-21 12:35 | 2017-05-20 |
| 253184 | 8.8 | HIGH | Network | playsms | playsms | PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-9080 | 2024-11-21 12:35 | 2017-05-20 |
| 253185 | 4.7 | MEDIUM | Local | dropbear_ssh_project, debian | dropbear_ssh, debian_linux | Dropbear before 2017.75 might allow local users to read certain files as root, if the file has the authorized_keys file format with a command= option. This occurs because ~/.ssh/authorized_keys is re… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-9079 | 2024-11-21 12:35 | 2017-05-19 |
| 253186 | 8.8 | HIGH | Network | dropbear_ssh_project, debian, netapp | dropbear_ssh, debian_linux, h410c_firmware | The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | CWE-415 Double Free | CVE-2017-9078 | 2024-11-21 12:35 | 2017-05-19 |
| 253187 | 7.8 | HIGH | Local | linux | linux_kernel | The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified … | NVD-CWE-noinfo | CVE-2017-9077 | 2024-11-21 12:35 | 2017-05-19 |
| 253188 | 7.8 | HIGH | Local | linux, debian | linux_kernel, debian_linux | The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified… | NVD-CWE-noinfo | CVE-2017-9076 | 2024-11-21 12:35 | 2017-05-19 |
| 253189 | 7.8 | HIGH | Local | linux, debian | linux_kernel, debian_linux | The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified … | NVD-CWE-noinfo | CVE-2017-9075 | 2024-11-21 12:35 | 2017-05-19 |
| 253190 | 7.8 | HIGH | Local | linux | linux_kernel | The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial … | CWE-125 Out-of-bounds Read | CVE-2017-9074 | 2024-11-21 12:35 | 2017-05-19 |