Search Results (26990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-18634 1 Tagdiv 1 Newspaper 2024-11-21 9.8 Critical
The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.
CVE-2017-18605 1 Gravitatedesign 1 Gravitate Qa Tracker 2024-11-21 9.8 Critical
The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.
CVE-2017-18514 1 Simplerealtytheme 1 Simple Login Log 2024-11-21 9.8 Critical
The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.
CVE-2017-18379 1 Linux 1 Linux Kernel 2024-11-21 9.8 Critical
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.
CVE-2017-18377 1 Goahead 2 Wireless Ip Camera Wificam, Wireless Ip Camera Wificam Firmware 2024-11-21 9.8 Critical
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.
CVE-2017-18342 2 Fedoraproject, Pyyaml 2 Fedora, Pyyaml 2024-11-21 9.8 Critical
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
CVE-2017-18025 1 Innotube 1 Itguard Manager 2024-11-21 9.8 Critical
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter.
CVE-2017-17674 1 Bmc 1 Remedy Mid-tier 2024-11-21 9.8 Critical
BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).
CVE-2017-16347 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.
CVE-2017-16346 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c368 the value for the s_mac key is copied using strcpy to the buffer at 0xa000170c. This buffer is 25 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
CVE-2017-16345 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the s_port key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
CVE-2017-16344 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3".
CVE-2017-16343 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
CVE-2017-16342 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow.
CVE-2017-16341 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow.
CVE-2017-16340 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow.
CVE-2017-16339 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bb1c the value for the uri key is copied using strcpy to the buffer at 0xa00016a0. This buffer is 64 bytes large, sending anything longer will cause a buffer overflow.
CVE-2017-16338 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01bad0 the value for the host key is copied using strcpy to the buffer at 0xa00016e0. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow.
CVE-2017-16020 1 Summit Project 1 Summit 2024-11-21 9.8 Critical
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
CVE-2017-15681 1 Craftercms 1 Crafter Cms 2024-11-21 9.8 Critical
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.