CVE-2017-1352
IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated user to inject commands into work orders that could be executed by another user that downloads the affected file. IBM X-Force ID: 126538.
Source: CVE-2017-1352
CVE-2017-8015
EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Source: CVE-2017-8015
CVE-2017-14347
NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.
Source: CVE-2017-14347
CVE-2017-14348
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
Source: CVE-2017-14348
CVE-2017-14344
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data, which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code in the context of the kernel.
Source: CVE-2017-14344
CVE-2017-14345
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.
Source: CVE-2017-14345
CVE-2017-8918
XXE in Dive Assistant – Template Builder in Blackwave Dive Assistant – Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
Source: CVE-2017-8918
CVE-2017-14346
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
Source: CVE-2017-14346
CVE-2017-14342
ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.
Source: CVE-2017-14342
CVE-2017-14343
ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.
Source: CVE-2017-14343