CVE-2017-9848 CVSS:0.0
SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. (Last Update:2017-06-24) (Publish Update:2017-06-24)
CVE-2017-9847 CVSS:0.0
The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (Last Update:2017-06-24) (Publish Update:2017-06-24)
CVE-2017-9846 CVSS:0.0
Winmail Server 6.1 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php move_folder_file call to move a .php file from the FTP folder into a web folder. (Last Update:2017-06-24) (Publish Update:2017-06-24)
CVE-2017-9837 CVSS:0.0
The ws_session_logout function in Piwigo 2.9.1 and earlier does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. (Last Update:2017-06-24) (Publish Update:2017-06-24)
CVE-2017-9836 CVSS:0.0
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album). (Last Update:2017-06-24) (Publish Update:2017-06-24)
CVE-2017-9833 CVSS:0.0
/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. (Last Update:2017-06-23) (Publish Update:2017-06-23)
CVE-2017-9832 CVSS:0.0
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. (Last Update:2017-06-23) (Publish Update:2017-06-23)
CVE-2017-9831 CVSS:0.0
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. (Last Update:2017-06-23) (Publish Update:2017-06-23)
CVE-2017-9829 CVSS:0.0
'/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable, which allows remote attackers to read any file on the camera's Linux filesystem via a crafted HTTP request containing ".." sequences. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. (Last Update:2017-06-23) (Publish Update:2017-06-23)
CVE-2017-9828 CVSS:0.0
'/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. (Last Update:2017-06-23) (Publish Update:2017-06-23)
This vulnerability list widget is provided by www.cvedetails.com