Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27570 of 28129

CVE-2017-7314

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.

CVE-2017-7312

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).

CVE-2017-9470

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

CVE-2017-9472

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CVE-2017-9474

Posted by Cyberthreat Blog | Jun 7, 2017 | CVE Notifications |

In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Author: Cyberthreat Blog

CVE-2017-7314

CVE-2017-7312

CVE-2017-9470

CVE-2017-9472

CVE-2017-9474