Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-27 | CVE-2017-17915 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadMNGImage in coders/png.c, related to accessing one byte before testing whether a limit has been reached. | 8.8 |
| 2017-12-27 | CVE-2017-17913 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type. | 8.8 |
| 2017-12-27 | CVE-2017-17912 | Out-of-bounds Read vulnerability in multiple products In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region. | 8.8 |
| 2017-12-27 | CVE-2017-17908 | Cross-Site Request Forgery (CSRF) vulnerability in Responsive Realestate Script Project Responsive Realestate Script 3.3.3 PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general. | 8.8 |
| 2017-12-27 | CVE-2017-17905 | Cross-Site Request Forgery (CSRF) vulnerability in CAR Rental Script Project CAR Rental Script 2.0.8 PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. | 8.8 |
| 2017-12-27 | CVE-2017-17903 | Cross-Site Request Forgery (CSRF) vulnerability in Fortunescripts Lynda Clone 1.0 FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel. | 8.8 |
| 2017-12-27 | CVE-2017-17898 | Information Exposure vulnerability in Dolibarr Erp/Crm 6.0.4 Dolibarr ERP/CRM version 6.0.4 does not block direct requests to *.tpl.php files, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2017-12-27 | CVE-2017-17894 | Cross-Site Request Forgery (CSRF) vulnerability in Basic JOB Site Script Project Basic JOB Site Script Readymade Job Site Script has CSRF via the /job URI. | 8.8 |
| 2017-12-27 | CVE-2017-17891 | Cross-Site Request Forgery (CSRF) vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2 Readymade Video Sharing Script has CSRF via user-profile-edit.php. | 8.8 |
| 2017-12-27 | CVE-2017-17888 | OS Command Injection vulnerability in Hoytech Antiweb cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 --> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer devices, allows remote authenticated users to execute arbitrary OS commands via crafted multipart/form-data content, a different vulnerability than CVE-2017-9097. | 8.8 |