|
247581
|
6.1 |
MEDIUM
Network
|
xoops
|
xoops
|
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7944
|
2024-11-21 12:33 |
2017-04-24 |
|
247582
|
6.5 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving …
|
CWE-352
Origin Validation Error
|
CVE-2017-8082
|
2024-11-21 12:33 |
2017-04-24 |
|
247583
|
5.3 |
MEDIUM
Network
|
tp-link
|
tl-sg108e_firmware
|
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
|
CWE-287
Improper Authentication
|
CVE-2017-8078
|
2024-11-21 12:33 |
2017-04-24 |
|
247584
|
7.5 |
HIGH
Network
|
tp-link
|
tl-sg108e_firmware
|
On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-8077
|
2024-11-21 12:33 |
2017-04-24 |
|
247585
|
9.8 |
CRITICAL
Network
|
tp-link
|
tl-sg108e_firmware
|
On the TP-Link TL-SG108E 1.0, admin network communications are RC4 encoded, even though RC4 is deprecated. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-8076
|
2024-11-21 12:33 |
2017-04-24 |
|
247586
|
9.8 |
CRITICAL
Network
|
tp-link
|
tl-sg108e_firmware
|
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-8075
|
2024-11-21 12:33 |
2017-04-24 |
|
247587
|
9.8 |
CRITICAL
Network
|
tp-link
|
tl-sg108e_firmware
|
On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmw…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-8074
|
2024-11-21 12:33 |
2017-04-24 |
|
247588
|
7.5 |
HIGH
Network
|
weechat debian
|
weechat debian_linux
|
WeeChat before 1.7.1 allows a remote crash by sending a filename via DCC to the IRC plugin. This occurs in the irc_ctcp_dcc_filename_without_quotes function during quote removal, with a buffer overfl…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8073
|
2024-11-21 12:33 |
2017-04-24 |
|
247589
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local us…
|
CWE-388
7PK - Errors
|
CVE-2017-8072
|
2024-11-21 12:33 |
2017-04-23 |
|
247590
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2017-8071
|
2024-11-21 12:33 |
2017-04-23 |
|