CVE-2017-14118 (eonweb)
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, moduletool_alltoolsinterface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
Source: CVE-2017-14118 (eonweb)
CVE-2017-14119 (eonweb)
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, moduletool_alltoolssnmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
Source: CVE-2017-14119 (eonweb)
CVE-2017-14121 (unrar)
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive.
Source: CVE-2017-14121 (unrar)
CVE-2017-14120 (unrar)
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Source: CVE-2017-14120 (unrar)
CVE-2017-14122 (unrar)
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Source: CVE-2017-14122 (unrar)
CVE-2017-14121
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive.
Source: CVE-2017-14121
CVE-2017-14119
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, moduletool_alltoolssnmpwalk.php does not properly restrict popen calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in a parameter.
Source: CVE-2017-14119
CVE-2017-14122
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Source: CVE-2017-14122
CVE-2017-14118
In the EyesOfNetwork web interface (aka eonweb) 5.1-0, moduletool_alltoolsinterface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the host_list parameter to module/tool_all/select_tool.php.
Source: CVE-2017-14118
CVE-2017-14120
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Source: CVE-2017-14120