This archive contains all of the 169 exploits added to Packet Storm in July, 2017.
642e411a9b77097a1e4a56ebbebd1af9ef8cfdc4d1b659e7fb945bd5e9f1db4d
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis version 1.3.5 can cause a denial of service (OOM) via a crafted wav file.
7579257c139a0255d0050c599ca09747f8e3646f71f6269c586a92c46e5abf32
The startread function in wav.c in Sound eXchange (SoX) version 14.4.2 can cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
af14da524a2fb01df11b7535dcdaae5b1869c70f4a3349cfc2f7fa546f6b8d34
Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 suffers from a persistent cross site scripting vulnerability.
436fa0bce96b432cc53cebe95a1a22ae31fb0609f0f4a08f9049bd7a51546ec4
The insert_note_steps function in readmidi.c in TiMidity++ version 2.14.0 can cause a denial of service (divide-by-zero error and application crash) via a crafted mid file.
22dd3ae9d9d61dac3e51d459d2c11efba61808fc42ebf8b08223e5399db6479e
The id3_ucs4_length function in ucs4.c in libid3tag version 0.15.1b can cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.
b165ba6c2059549e131498730a65033270647ae0d9f87b03e7f8557fecc87b97
MEDHOST Connex contains a hard-coded Mirth Connect administrative credential that is used for customer Mirth Connect management access.
cda33f4b8f74ced06fc2e4ed54419dc5dfee4468eadbb61de781b387fcd999b6
The mad_decoder_run function in decoder.c in libmad version 0.15.1b can cause a denial of service (memory corruption) via a crafted mp3 file.
c6cce95ec4be2cbec7c267429a6a982988b373f894144e141477d2b2b2f28f67
The _tokenize_matrix function in audio_out.c in Xiph.Org libao version 1.2.0 can cause a denial of service (memory corruption) via a crafted mp3 file.
2d194a8acef51dcd0b21a341eb04a87880fd0a401aeeab8b4fdd34e06cecce1b
ALZip version 8.51 suffers from buffer overflow and file creation vulnerabilities.
c12e8fcc5c3c680d7dde2ca1257975ec8e0e2540c23524db4d6266b0322dd514
The wav_open function in oggenc/audio.c in vorbis-tools version 1.4.0 can cause a denial of service (memory allocation error) via a crafted wav file.
842a04f4decc33b5213edeb39b31fccf5962ed48f9b3b5285d2bc91479c0f279
DivFix++ version 0.34 suffers from a denial of service vulnerability.
a846092067346222e8d5593d32693e3acab6715c2e2ab5b4dd74c2f099b968f2
Nosefart version 2.9-mis suffers from a denial of service vulnerability.
04ca6de64a640e2cab8683b3156acee955bc811e2bb8aac39610ac21dee71b71
The ExifJpegHUFFTable::deriveTable function in src/ExifHuffmanTable.cpp in OpenExif version 2.1.4 can cause a denial of service (heap buffer overflow and application crash) via a crafted jpg file.
10eab2ee9bcce5fc7204a719c72e1d7916acceba0f9f95d20ce65eb80ec5a4d5
The put_chars function in html_r.c in Links version 2.14 can cause a denial of service (buffer over-read) via a crafted html file.
cbed86604219afa78083a48d4a5911f7d3eeacdbee5fab79d432a515d70be1d4
DiskBoss Enterprise version 8.2.14 suffers from a buffer overflow vulnerability.
858ddff65cda6c9b2317b9571623890c96fa0f3ab49730a1e1062eab5549def3
WordPress Logosware Suite Uploader plugin version 1.1.6 suffers from a remote file upload vulnerability.
2531ee7b4cb23d14c69a7e25085a54b74b7c9ba5a043456e5ac526794d0edfea
Jenkins versions prior to 1.650 suffer from a Java deserialization vulnerability.
f932931a24baa84b8aaf780ee1292f4ad857cbdaed0ab3be3e22d84b53765295
Flash Slideshow Maker Professional suffers from content forgery, cross site scripting, and unvalidated redirection vulnerabilities.
42eac64a54e866d130ce704069f41b2421573cdcc2bc1d1060eab0eae7eb0151
FortiOS versions 5.6.0 and below suffer from multiple cross site scripting vulnerabilities.
71fbedf56a3bafd4cc88cb2e304237b4c03ba85b1ea19fec83553c621e157acf
Vehicle Workshop suffers from a remote SQL injection vulnerability.
b10f2276eb392a9d2bc37191fcc13c1728099feee1bfb249253f90ed30a15832
TYPO3 Formhandler version 2.4.0 suffers from a cross site scripting vulnerability.
1d3622f0e4f3d15078215547598f31908bda1104d6de15ccb96b0669109dc293
Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffers from weak crypto, privilege escalation, and command injection vulnerabilities.
ff7df61d3c20ef698eeacd98caa047a8dc5114df5d8ba8103bd56c8c1fd454e9
KATHREIN UFSconnect 916 and 906 with firmware version 2.23 build 224 suffer from denial of service and unauthenticated access vulnerabilities.
d34e42d46978401f5571e9b56b01a873a736e3891811d9f953a96ac17a8a227b
Friends in War Make or Break version 1.7 suffers from a remote SQL injection vulnerability.
3e428a06a729d50e22f570bba3e4442fe85fee20da24dfbfaf5e621126710aed