Show filters
733 Total Results
Displaying 431-440 of 733
Sort by:
Attacker Value
Unknown

CVE-2017-17734

Disclosure Date: December 18, 2017 (last updated November 26, 2024)
CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login information in sessions.
0
0
Attacker Value
Unknown

CVE-2017-17500

Disclosure Date: December 11, 2017 (last updated November 08, 2023)
ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a magick/import.c ImportRGBQuantumType heap-based buffer over-read via a crafted file.
0
0
Attacker Value
Unknown

CVE-2017-17503

Disclosure Date: December 11, 2017 (last updated November 08, 2023)
ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a magick/import.c ImportGrayQuantumType heap-based buffer over-read via a crafted file.
0
0
Attacker Value
Unknown

CVE-2017-17501

Disclosure Date: December 11, 2017 (last updated November 08, 2023)
WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a heap-based buffer over-read via a crafted file.
0
0
Attacker Value
Unknown

CVE-2017-17498

Disclosure Date: December 11, 2017 (last updated November 08, 2023)
WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (bit_stream.c MagickBitStreamMSBWrite heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
0
0
Attacker Value
Unknown

CVE-2017-17502

Disclosure Date: December 11, 2017 (last updated November 08, 2023)
ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a magick/import.c ImportCMYKQuantumType heap-based buffer over-read via a crafted file.
0
0
Attacker Value
Unknown

CVE-2017-13663

Disclosure Date: December 01, 2017 (last updated November 26, 2024)
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key.
0
0
Attacker Value
Unknown

CVE-2017-13664

Disclosure Date: December 01, 2017 (last updated November 26, 2024)
Password file exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to execute arbitrary commands with administrative privileges by retrieving credentials from this file.
0
0
Attacker Value
Unknown

CVE-2017-16799

Disclosure Date: November 12, 2017 (last updated November 26, 2024)
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
0
0
Attacker Value
Unknown

CVE-2017-16798

Disclosure Date: November 12, 2017 (last updated November 26, 2024)
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
View More Topics  < Previous  Next >