|
264601
|
9.8 |
CRITICAL
Network
|
irssi
|
irssi
|
An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-10965
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264602
|
9.8 |
CRITICAL
Network
|
sqlite
|
sqlite
|
The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer ove…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-10989
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264603
|
7.5 |
HIGH
Network
|
yaws
|
yaws
|
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protec…
|
CWE-22
Path Traversal
|
CVE-2017-10974
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264604
|
9.8 |
CRITICAL
Network
|
finecms_project
|
finecms
|
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
|
CWE-94
Code Injection
|
CVE-2017-10968
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264605
|
6.5 |
MEDIUM
Network
|
finecms_project
|
finecms
|
In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-10973
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264606
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10967
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264607
|
7.5 |
HIGH
Network
|
swftools
|
swftools
|
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-10976
|
2024-11-21 12:06 |
2017-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264608
|
6.1 |
MEDIUM
Network
|
lutim_project
|
lutim
|
Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in an upload notification an…
|
CWE-79
Cross-site Scripting
|
CVE-2017-10975
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264609
|
6.5 |
MEDIUM
Network
|
x.org
|
xorg-server
|
Uninitialized data in endianness conversion in the XEvent handling of the X.Org X Server before 2017-06-19 allowed authenticated malicious users to access potentially privileged data from the X serve…
|
CWE-665
Improper Initialization
|
CVE-2017-10972
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264610
|
8.8 |
HIGH
Network
|
x.org
|
xorg-server
|
In the X.Org X server before 2017-06-19, a user authenticated to an X Session could crash or execute code in the context of the X Server by exploiting a stack overflow in the endianness conversion of…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-10971
|
2024-11-21 12:06 |
2017-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
