Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-29 CVE-2017-10683 Out-of-bounds Read vulnerability in Mpg123 1.25.0
In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c.
network
low complexity
mpg123 CWE-125
7.5
2017-06-29 CVE-2017-10681 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.
network
low complexity
piwigo CWE-352
8.8
2017-06-29 CVE-2017-10680 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request.
network
low complexity
piwigo CWE-352
8.8
2017-06-29 CVE-2017-10679 Information Exposure vulnerability in Piwigo
Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album.
network
low complexity
piwigo CWE-200
7.5
2017-06-29 CVE-2017-10678 Cross-Site Request Forgery (CSRF) vulnerability in Piwigo
Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request.
network
low complexity
piwigo CWE-352
8.8
2017-06-29 CVE-2017-2851 Classic Buffer Overflow vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
network
low complexity
foscam CWE-120
7.2
2017-06-29 CVE-2017-2850 OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server.
network
low complexity
foscam CWE-78
8.8
2017-06-29 CVE-2017-2849 OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection.
network
low complexity
foscam CWE-78
8.8
2017-06-29 CVE-2017-2848 OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection.
network
low complexity
foscam CWE-78
8.8
2017-06-29 CVE-2017-2847 OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37
In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection.
network
low complexity
foscam CWE-78
8.8