|
253571
|
8.8 |
HIGH
Network
|
tp-link
|
tl-wvr450l_firmware
tl-wvr458l_firmware
tl-wvr900l_firmware
tl-wvr1200l_firmware
tl-wvr1300l_firmware
tl-wvr1750l_firmware
tl-wvr2600l_firmware
tl-wvr4300l_firmware
tl-war450l…
|
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to …
|
CWE-78
OS Command
|
CVE-2017-17758
|
2024-11-21 12:18 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253572
|
8.8 |
HIGH
Network
|
tp-link
|
tl-wvr450l_firmware
tl-wvr458l_firmware
tl-wvr900l_firmware
tl-wvr1200l_firmware
tl-wvr1300l_firmware
tl-wvr1750l_firmware
tl-wvr2600l_firmware
tl-wvr4300l_firmware
tl-war450l…
|
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related t…
|
CWE-78
OS Command
|
CVE-2017-17757
|
2024-11-21 12:18 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253573
|
9.8 |
CRITICAL
Network
|
zuuse
|
beims_contractorweb_.net
|
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorde…
|
CWE-89
SQL Injection
|
CVE-2017-17721
|
2024-11-21 12:18 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253574
|
9.8 |
CRITICAL
Network
|
paid_to_read_script_project
|
paid_to_read_script
|
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17651
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253575
|
6.1 |
MEDIUM
Network
|
readymade_video_sharing_script_project
|
readymade_video_sharing_script
|
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
|
CWE-94
Code Injection
|
CVE-2017-17649
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253576
|
9.8 |
CRITICAL
Network
|
phpautoclassifiedscript
|
bus_booking_script
|
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
|
CWE-89
SQL Injection
|
CVE-2017-17645
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253577
|
9.8 |
CRITICAL
Network
|
lynda_clone_project
|
lynda_clone
|
FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/.
|
CWE-89
SQL Injection
|
CVE-2017-17643
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253578
|
6.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-17741
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253579
|
7.5 |
HIGH
Network
|
openldap
opensuse
oracle
mcafee
|
openldap
leap
blockchain_platform
policy_auditor
|
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows r…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17740
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253580
|
9.8 |
CRITICAL
Network
|
brightsign
|
4k242_firmware
|
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has directory traversal via the /storage.html rp parameter, allowing an attacker to read or write to files.
|
CWE-22
Path Traversal
|
CVE-2017-17739
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
