|
257641
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or nam…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11198
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257642
|
8.1 |
HIGH
Network
|
heimdal_project
freebsd
samba
apple
debian
|
heimdal
freebsd
samba
mac_os_x
iphone_os
debian_linux
|
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-11103
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257643
|
9.8 |
CRITICAL
Network
|
xoops
|
xoops
|
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of …
|
CWE-89
SQL Injection
|
CVE-2017-11174
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257644
|
8.8 |
HIGH
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malici…
|
CWE-352
Origin Validation Error
|
CVE-2017-11196
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257645
|
6.1 |
MEDIUM
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11195
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257646
|
6.1 |
MEDIUM
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and i…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11194
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257647
|
8.8 |
HIGH
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These …
|
CWE-352
Origin Validation Error
|
CVE-2017-11193
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257648
|
7.8 |
HIGH
Local
|
rarzilla
|
unrar-free
|
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspeci…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11190
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257649
|
6.5 |
MEDIUM
Network
|
rarzilla
|
unrar-free
|
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-11189
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257650
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
|
CWE-834
Excessive Iteration
|
CVE-2017-11188
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
