CVE-2017-17915 (graphicsmagick)

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.

Source: CVE-2017-17915 (graphicsmagick)

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.

Source: CVE-2017-17906

CVE-2017-17904

FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.

Source: CVE-2017-17904

CVE-2017-17930

PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.

Source: CVE-2017-17930

CVE-2017-17915

In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached.

Source: CVE-2017-17915

CVE-2017-17903

FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.

Source: CVE-2017-17903

CVE-2017-17935

The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip ‘n’ characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.

Source: CVE-2017-17935

CVE-2017-17929

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.

Source: CVE-2017-17929

CVE-2017-17927

PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.

Source: CVE-2017-17927

CVE-2017-17925

PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.

Source: CVE-2017-17925