CVE-2017-11350
Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices.
Source: CVE-2017-11350
[월:] 2017년 09월
CVE-2017-6008
CVE-2017-6008
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
Source: CVE-2017-6008
CVE-2017-13724
CVE-2017-13724
On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page.
Source: CVE-2017-13724
CVE-2017-14398
CVE-2017-14398
rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to DevicePhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.
Source: CVE-2017-14398
CVE-2017-14403
CVE-2017-14403
The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.
Source: CVE-2017-14403
CVE-2017-14409
CVE-2017-14409
A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Source: CVE-2017-14409
CVE-2017-14404
CVE-2017-14404
The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.
Source: CVE-2017-14404
CVE-2017-14411
CVE-2017-14411
A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.
Source: CVE-2017-14411
CVE-2017-14410
CVE-2017-14410
A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
Source: CVE-2017-14410
CVE-2017-14408
CVE-2017-14408
A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.
Source: CVE-2017-14408