| 257651 | 9.8 | CRITICAL Network | phpmyfaq | phpmyfaq | phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly. | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2017-11187 | 2024-11-21 12:07 | 2017-07-12 |
| 257652 | 9.8 | CRITICAL Network | finecms_project | finecms | FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo(… | CWE-94 Code Injection | CVE-2017-11167 | 2024-11-21 12:07 | 2017-07-12 |
| 257653 | 9.8 | CRITICAL Network | datataker | dt80_dex_firmware | dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI. | CWE-200 Information Exposure | CVE-2017-11165 | 2024-11-21 12:07 | 2017-07-12 |
| 257654 | 5.4 | MEDIUM Network | fairsketch | rise_ultimate_project_manager | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | CWE-79 Cross-site Scripting | CVE-2017-11182 | 2024-11-21 12:07 | 2017-07-12 |
| 257655 | 5.4 | MEDIUM Network | fairsketch | rise_ultimate_project_manager | In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable. | CWE-79 Cross-site Scripting | CVE-2017-11181 | 2024-11-21 12:07 | 2017-07-12 |
| 257656 | 6.1 | MEDIUM Network | finecms_project | finecms | FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login scre… | CWE-79 Cross-site Scripting | CVE-2017-11180 | 2024-11-21 12:07 | 2017-07-12 |
| 257657 | 6.1 | MEDIUM Network | finecms_project | finecms | FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. | CWE-79 Cross-site Scripting | CVE-2017-11179 | 2024-11-21 12:07 | 2017-07-12 |
| 257658 | 7.5 | HIGH Network | finecms_project | finecms | In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example,… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2017-11178 | 2024-11-21 12:07 | 2017-07-12 |
| 257659 | 7.8 | HIGH Local | linux debian | linux_kernel debian_linux | The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to … | CWE-416 Use After Free | CVE-2017-11176 | 2024-11-21 12:07 | 2017-07-12 |
| 257660 | 5.5 | MEDIUM Local | gnome | gnome-session | Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-11171 | 2024-11-21 12:07 | 2017-07-12 |