Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 27879 of 28407

CVE-2017-9304

Posted by Cyberthreat Blog | May 30, 2017 | CVE Notifications |

libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.

CVE-2017-9306

Posted by Cyberthreat Blog | May 30, 2017 | CVE Notifications |

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an “<svg/onload=" substring instead of an "<svg onload=" substring.

CVE-2017-8782

Posted by Cyberthreat Blog | May 30, 2017 | CVE Notifications |

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer...

CVE-2017-9307

Posted by Cyberthreat Blog | May 30, 2017 | CVE Notifications |

SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.

CVE-2017-8402

Posted by Cyberthreat Blog | May 30, 2017 | CVE Notifications |

PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.

Author: Cyberthreat Blog

CVE-2017-9304

CVE-2017-9306

CVE-2017-8782

CVE-2017-9307

CVE-2017-8402