Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-29 | CVE-2017-10683 | Out-of-bounds Read vulnerability in Mpg123 1.25.0 In mpg123 1.25.0, there is a heap-based buffer over-read in the convert_latin1 function in libmpg123/id3.c. | 7.5 |
| 2017-06-29 | CVE-2017-10681 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-10680 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to change a private album to public via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-10679 | Information Exposure vulnerability in Piwigo Piwigo through 2.9.1 allows remote attackers to obtain sensitive information about the descriptive name of a permalink by examining the redirect URL that is returned in a request for the permalink ID number of a private album. | 7.5 |
| 2017-06-29 | CVE-2017-10678 | Cross-Site Request Forgery (CSRF) vulnerability in Piwigo Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to delete permalinks via a crafted request. | 8.8 |
| 2017-06-29 | CVE-2017-2851 | Classic Buffer Overflow vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. | 7.2 |
| 2017-06-29 | CVE-2017-2850 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. | 8.8 |
| 2017-06-29 | CVE-2017-2849 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. | 8.8 |
| 2017-06-29 | CVE-2017-2848 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. | 8.8 |
| 2017-06-29 | CVE-2017-2847 | OS Command Injection vulnerability in Foscam C1 Indoor HD Camera Firmware 2.52.2.37 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. | 8.8 |