Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27321 of 28220

CVE-2017-11127

Posted by Cyberthreat Blog | Jul 17, 2017 | CVE Notifications |

Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a “Content-Type: image/svg+xml” header.

CVE-2017-11367

Posted by Cyberthreat Blog | Jul 17, 2017 | CVE Notifications |

The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data.

CVE-2017-10986

Posted by Cyberthreat Blog | Jul 17, 2017 | CVE Notifications |

An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows “DHCP – Infinite read in dhcp_attr2vp()” and a denial of service.

CVE-2017-10981

Posted by Cyberthreat Blog | Jul 17, 2017 | CVE Notifications |

An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows “DHCP – Memory leak in fr_dhcp_decode()” and a denial of service.

CVE-2017-11361

Posted by Cyberthreat Blog | Jul 17, 2017 | CVE Notifications |

Inteno routers have a JUCI ACL misconfiguration that allows the “user” account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the...

Author: Cyberthreat Blog

CVE-2017-11127

CVE-2017-11367

CVE-2017-10986

CVE-2017-10981

CVE-2017-11361