Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27232 of 28220

CVE-2017-11704

Posted by Cyberthreat Blog | Jul 28, 2017 | CVE Notifications |

A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11715

Posted by Cyberthreat Blog | Jul 28, 2017 | CVE Notifications |

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions...

CVE-2017-11719

Posted by Cyberthreat Blog | Jul 28, 2017 | CVE Notifications |

The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD...

CVE-2017-11716

Posted by Cyberthreat Blog | Jul 28, 2017 | CVE Notifications |

MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.

CVE-2017-11718

Posted by Cyberthreat Blog | Jul 28, 2017 | CVE Notifications |

There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.

Author: Cyberthreat Blog

CVE-2017-11704

CVE-2017-11715

CVE-2017-11719

CVE-2017-11716

CVE-2017-11718