| 247041 | 5.4 | MEDIUM | Network | bigtreecms | bigtree_cms | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and… | CWE-79 Cross-site Scripting | CVE-2017-9547 | 2024-11-21 12:36 | 2017-06-12 |
| 247042 | 5.7 | MEDIUM | Network | bigtreecms | bigtree_cms | admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | CWE-79 Cross-site Scripting | CVE-2017-9546 | 2024-11-21 12:36 | 2017-06-12 |
| 247043 | 9.8 | CRITICAL | Network | echatserver | easy_chat_server | There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering… | CWE-787 Out-of-bounds Write | CVE-2017-9544 | 2024-11-21 12:36 | 2017-06-12 |
| 247044 | 7.5 | HIGH | Network | echatserver | easy_chat_server | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-9543 | 2024-11-21 12:36 | 2017-06-12 |
| 247045 | 9.8 | CRITICAL | Network | d-link | dir-615_firmware | D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation … | CWE-287 Improper Authentication | CVE-2017-9542 | 2024-11-21 12:36 | 2017-06-12 |
| 247046 | 7.8 | HIGH | Local | mruby debian | mruby debian_linux | The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impac… | CWE-416 Use After Free | CVE-2017-9527 | 2024-11-21 12:36 | 2017-06-12 |
| 247047 | 5.9 | MEDIUM | Network | gnupg | libgcrypt | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ec… | CWE-200 Information Exposure | CVE-2017-9526 | 2024-11-21 12:36 | 2017-06-11 |
| 247048 | 6.7 | MEDIUM | Local | cron_project debian | cron debian_linux | In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks aga… | CWE-59 Link Following | CVE-2017-9525 | 2024-11-21 12:36 | 2017-06-10 |
| 247049 | 6.1 | MEDIUM | Network | sophos | web_appliance | The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342. | CWE-79 Cross-site Scripting | CVE-2017-9523 | 2024-11-21 12:36 | 2017-06-9 |
| 247050 | 5.5 | MEDIUM | Local | radare | radare2 | The r_config_set function in libr/config/config.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted DEX file. | CWE-416 Use After Free | CVE-2017-9520 | 2024-11-21 12:36 | 2017-06-8 |