|
255761
|
7.5 |
HIGH
Network
|
tcmu-runner_project
|
tcmu-runner
|
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
|
CWE-200
Information Exposure
|
CVE-2017-1000199
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255762
|
7.5 |
HIGH
Network
|
tcmu-runner_project
|
tcmu-runner
|
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000198
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255763
|
9.8 |
CRITICAL
Network
|
octobercms
|
october
|
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
|
CWE-417
Channel and Path Errors
|
CVE-2017-1000197
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255764
|
9.8 |
CRITICAL
Network
|
octobercms
|
october
|
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
|
CWE-94
Code Injection
|
CVE-2017-1000196
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255765
|
7.5 |
HIGH
Network
|
octobercms
|
october
|
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000195
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255766
|
9.8 |
CRITICAL
Network
|
octobercms
|
october
|
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-1000194
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255767
|
6.1 |
MEDIUM
Network
|
octobercms
|
october
|
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000193
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255768
|
9.8 |
CRITICAL
Network
|
pidusage_project
|
pidusage
|
soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution
|
CWE-78
OS Command
|
CVE-2017-1000220
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255769
|
4.8 |
MEDIUM
Network
|
wbce
|
wbce_cms
|
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000213
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255770
|
9.8 |
CRITICAL
Network
|
altran
|
picotcp
|
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000210
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
