|
247181
|
9.8 |
CRITICAL
Network
|
cohuhd
|
3960hd_firmware
|
The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "ro…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-8862
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247182
|
9.8 |
CRITICAL
Network
|
cohuhd
|
3960hd_firmware
|
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially craft…
|
CWE-287
Improper Authentication
|
CVE-2017-8861
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247183
|
6.5 |
MEDIUM
Network
|
cohuhd
|
3960hd_firmware
|
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web …
|
CWE-200
Information Exposure
|
CVE-2017-8860
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247184
|
9.1 |
CRITICAL
Network
|
varnish-cache
varnish_cache_project
debian
|
varnish
varnish_cache
debian_linux
|
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a V…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8807
|
2024-11-21 12:34 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247185
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
|
CWE-20
Improper Input Validation
|
CVE-2017-8815
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247186
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
|
CWE-20
Improper Input Validation
|
CVE-2017-8814
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247187
|
5.3 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
|
NVD-CWE-noinfo
|
CVE-2017-8812
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247188
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
|
CWE-20
Improper Input Validation
|
CVE-2017-8811
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247189
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the userna…
|
CWE-200
Information Exposure
|
CVE-2017-8810
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247190
|
9.8 |
CRITICAL
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
|
CWE-74
Injection
|
CVE-2017-8809
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
