CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5451 CVE-2017-2862 119 Exec Code Overflow 2017-09-05 2017-11-07
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability.
5452 CVE-2017-2851 119 Overflow 2017-06-29 2017-07-05
6.0
None Remote Medium Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
5453 CVE-2017-2850 444 Bypass 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5454 CVE-2017-2849 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5455 CVE-2017-2848 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5456 CVE-2017-2847 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5457 CVE-2017-2846 77 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5458 CVE-2017-2845 77 Exec Code 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution
5459 CVE-2017-2844 77 Exec Code 2017-06-29 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5460 CVE-2017-2842 77 Exec Code 2017-06-27 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5461 CVE-2017-2841 77 Exec Code 2017-06-27 2017-07-05
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5462 CVE-2017-2840 119 Exec Code Overflow 2018-04-24 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability.
5463 CVE-2017-2835 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability.
5464 CVE-2017-2834 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.
5465 CVE-2017-2828 77 2017-06-21 2017-06-28
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5466 CVE-2017-2827 77 2017-06-21 2017-06-28
6.5
None Remote Low Single system Partial Partial Partial
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability.
5467 CVE-2017-2825 16 2018-04-20 2018-05-22
6.8
None Remote Medium Not required Partial Partial Partial
In the trapper functionality of Zabbix Server 2.4.x, specifically crafted trapper packets can pass database logic checks, resulting in database writes. An attacker can set up a Man-in-the-Middle server to alter trapper requests made between an active Zabbix proxy and Server to trigger this vulnerability.
5468 CVE-2017-2824 77 Exec Code 2017-05-24 2017-11-05
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
5469 CVE-2017-2823 416 Exec Code 2017-05-24 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability.
5470 CVE-2017-2822 119 Exec Code Overflow 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A maliciously crafted PDF file can be used to trigger this vulnerability.
5471 CVE-2017-2821 416 Exec Code 2017-09-05 2017-09-07
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution.
5472 CVE-2017-2820 190 Exec Code Overflow 2017-07-12 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
5473 CVE-2017-2819 119 Exec Code Overflow 2017-05-24 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap-based buffer overflow exists in the Hangul Word Processor component (version 9.6.1.4350) of Hancom Thinkfree Office NEO 9.6.1.4902. A specially crafted document stream can cause an integer underflow resulting in a buffer overflow which can lead to code execution under the context of the application. An attacker can entice a user to open up a document in order to trigger this vulnerability.
5474 CVE-2017-2818 119 Overflow 2017-07-12 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.
5475 CVE-2017-2817 119 Exec Code Overflow 2017-05-24 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
A stack buffer overflow vulnerability exists in the ISO parsing functionality of Power Software Ltd PowerISO 6.8. A specially crafted ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific ISO file to trigger this vulnerability.
5476 CVE-2017-2816 119 Overflow 2017-09-13 2018-02-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.
5477 CVE-2017-2814 119 Exec Code Overflow 2017-07-12 2017-07-17
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.
5478 CVE-2017-2813 190 Exec Code Overflow 2017-06-21 2017-07-03
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable integer overflow vulnerability exists in the JPEG 2000 parser functionality of IrfanView 4.44. A specially crafted jpeg2000 image can cause an integer overflow leading to wrong memory allocation resulting in arbitrary code execution. Vulnerability can be triggered by viewing the image in via the application or by using thumbnailing feature of IrfanView.
5479 CVE-2017-2812 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise.
5480 CVE-2017-2811 787 Exec Code 2018-04-24 2018-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A code execution vulnerability exists in the Kakadu SDK 7.9's parsing of compressed JPEG 2000 images. A specially crafted JPEG 2000 file can be read by the program, and can lead to an out of bounds write causing an exploitable condition to arise.
5481 CVE-2017-2809 94 Exec Code 2017-09-14 2017-10-02
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable vulnerability exists in the yaml loading functionality of ansible-vault before 1.0.5. A specially crafted vault can execute arbitrary python commands resulting in command execution. An attacker can insert python into the vault to trigger this vulnerability.
5482 CVE-2017-2808 416 Exec Code 2017-09-05 2019-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.
5483 CVE-2017-2807 119 Exec Code Overflow 2017-09-05 2019-07-21
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.
5484 CVE-2017-2804 787 Mem. Corr. 2018-04-24 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability.
5485 CVE-2017-2803 787 Mem. Corr. 2018-04-24 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
A remote out of bound write vulnerability exists in the TIFF parsing functionality of Core PHOTO-PAINT X8 version 18.1.0.661. A specially crafted TIFF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific TIFF file to trigger this vulnerability. This vulnerability only exists in the 64-bit version.
5486 CVE-2017-2802 426 2018-04-24 2018-06-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability.
5487 CVE-2017-2799 119 Exec Code Overflow 2017-05-24 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the AddSst functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.
5488 CVE-2017-2798 119 Exec Code Overflow 2017-05-24 2017-06-06
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the GetIndexArray functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted XLS file can cause a heap corruption resulting in arbitrary code execution. An attacker can send or provide a malicious XLS file to trigger this vulnerability.
5489 CVE-2017-2797 119 Overflow 2017-05-23 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6.
5490 CVE-2017-2795 119 Exec Code Overflow 2018-09-07 2018-11-14
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.
5491 CVE-2017-2794 119 Exec Code Overflow 2017-05-23 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT file to trigger this vulnerability.
5492 CVE-2017-2793 119 Exec Code Overflow 2017-05-23 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.
5493 CVE-2017-2792 119 Exec Code Overflow 2018-09-07 2018-11-15
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the iBldDirInfo functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious xls file to trigger this vulnerability.
5494 CVE-2017-2791 119 Exec Code Overflow 2017-02-24 2017-03-02
6.8
None Remote Medium Not required Partial Partial Partial
JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application.
5495 CVE-2017-2784 295 Exec Code 2017-04-20 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
5496 CVE-2017-2783 119 Exec Code Overflow 2017-05-23 2017-06-01
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap corruption vulnerability exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter that is shipped with MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious xls file to trigger this vulnerability.
5497 CVE-2017-2782 190 Overflow XSS 2017-06-22 2017-06-29
6.4
None Remote Low Not required Partial None Partial
An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out of bounds copy operation. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection
5498 CVE-2017-2779 787 Exec Code Mem. Corr. 2017-09-05 2017-09-13
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution.
5499 CVE-2017-2777 190 Overflow 2018-09-17 2018-11-06
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted pdf file can cause an integer overflow resulting in heap overflow. An attacker can send file to trigger this vulnerability.
5500 CVE-2017-2775 119 Exec Code Overflow Mem. Corr. 2017-03-31 2017-05-23
6.8
None Remote Medium Not required Partial Partial Partial
An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.