CVE-2017-18029
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
Source: CVE-2017-18029
[월:] 2018년 01월
CVE-2017-18028
CVE-2017-18028
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file.
Source: CVE-2017-18028
CVE-2017-18027
CVE-2017-18027
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file.
Source: CVE-2017-18027
CVE-2017-16739
CVE-2017-16739
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. Specially-crafted malicious files may be able to cause stack-based buffer overflow vulnerabilities, which may allow remote code execution.
Source: CVE-2017-16739
CVE-2017-16743
CVE-2017-16743
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx Series products running firmware Version 1.0 to 1.32. A remote unauthenticated attacker may be able to craft special HTTP requests allowing an attacker to bypass web-service authentication allowing the attacker to obtain administrative privileges on the device.
Source: CVE-2017-16743
CVE-2017-16737
CVE-2017-16737
An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.
Source: CVE-2017-16737
CVE-2016-10705
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
Source: CVE-2016-10705
CVE-2016-10706
CVE-2016-10706
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
Source: CVE-2016-10706
CVE-2018-5262
CVE-2018-5262
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.
Source: CVE-2018-5262
CVE-2017-17970
CVE-2017-17970
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/ajax/load_season.php; the (3) movie_id parameter to themes/flixer/ajax/get_rating.php; the (4) rating or (5) movie_id parameter to themes/flixer/ajax/update_rating.php; or the (6) id parameter to themes/flixer/ajax/set_player_source.php.
Source: CVE-2017-17970