CVE-2017-6503 (qbittorrent)
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
Source: CVE-2017-6503 (qbittorrent)
[월:] 2017년 03월
CVE-2017-6497
CVE-2017-6497
An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).
Source: CVE-2017-6497
CVE-2017-6504
CVE-2017-6504
WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.
Source: CVE-2017-6504
CVE-2017-6499
CVE-2017-6499
An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS).
Source: CVE-2017-6499
CVE-2017-6500
CVE-2017-6500
An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
Source: CVE-2017-6500
CVE-2017-6501
CVE-2017-6501
An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.
Source: CVE-2017-6501
CVE-2017-6334
CVE-2017-6334
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
Source: CVE-2017-6334
CVE-2017-6503
CVE-2017-6503
WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
Source: CVE-2017-6503
CVE-2017-6416
CVE-2017-6416
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
Source: CVE-2017-6416
CVE-2017-6498
CVE-2017-6498
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
Source: CVE-2017-6498