Open Bugtraq




The latest CVEs

2017-06-25
CVE-2015-9099 Lame project LAME
The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file with a negative sample rate.

CVE-2015-9100 Lame project LAME
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

CVE-2015-9101 Lame project LAME
The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

CVE-2017-9869 Lame project LAME
The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.

CVE-2017-9870 Lame project LAME
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.

CVE-2017-9871 Lame project LAME
The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

CVE-2017-9872 Lame project LAME
The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

2017-06-24
CVE-2017-9836 Piwigo Piwigo
Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album).

CVE-2017-9837 Piwigo Piwigo
The ws_session_logout function in Piwigo 2.9.1 and earlier does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

2017-06-23
CVE-2016-5893 IBM Sterling B2B Integrator
IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.



Copyright 2017, cxsecurity.com