|
250901
|
5.4 |
MEDIUM
Network
|
typecho
|
typecho
|
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16230
|
2024-11-21 12:16 |
2017-10-31 |
250902
|
9.8 |
CRITICAL
Network
|
dulwich_project
|
dulwich
|
Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017…
|
NVD-CWE-noinfo
|
CVE-2017-16228
|
2024-11-21 12:16 |
2017-10-30 |
250903
|
7.5 |
HIGH
Network
|
quagga debian
|
quagga debian_linux
|
The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 allows remote attackers to cause a denial of service (session drop) via BGP UPDATE messages, because AS_PATH size calculation for l…
|
CWE-20
Improper Input Validation
|
CVE-2017-16227
|
2024-11-21 12:16 |
2017-10-30 |
250904
|
6.1 |
MEDIUM
Network
|
craftercms
|
crafter_cms
|
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15686
|
2024-11-21 12:15 |
2020-11-28 |
250905
|
8.6 |
HIGH
Network
|
craftercms
|
crafter_cms
|
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-o…
|
CWE-91
Blind XPath Injection
|
CVE-2017-15685
|
2024-11-21 12:15 |
2020-11-28 |
250906
|
7.5 |
HIGH
Network
|
craftercms
|
crafter_cms
|
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.
|
CWE-22
Path Traversal
|
CVE-2017-15684
|
2024-11-21 12:15 |
2020-11-28 |
250907
|
8.6 |
HIGH
Network
|
craftercms
|
crafter_cms
|
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
|
CWE-91
Blind XPath Injection
|
CVE-2017-15683
|
2024-11-21 12:15 |
2020-11-28 |
250908
|
7.5 |
HIGH
Network
|
devada
|
dzone_answerhub
|
An XML External Entity Injection vulnerability exists in Dzone AnswerHub.
|
CWE-611
XXE
|
CVE-2017-15725
|
2024-11-21 12:15 |
2019-10-29 |
250909
|
6.5 |
MEDIUM
Network
|
apache
|
geode
|
When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in secure mode, a user with write permissions for specific data regions can modify internal cluster metadata. A malicious user could m…
|
CWE-88
Argument Injection
|
CVE-2017-15694
|
2024-11-21 12:15 |
2019-06-22 |
250910
|
5.5 |
MEDIUM
Local
|
qualcomm
|
sd_410_firmware sd_412_firmware sd_425_firmware sd_427_firmware sd_430_firmware sd_435_firmware sd_450_firmware sd_615_firmware sd_616_firmware sd_415_firmware sd_625_fi…
|
When HOST sends a Special command ID packet, Controller triggers a RAM Dump and FW reset in Snapdragon Mobile in version SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, S…
|
NVD-CWE-noinfo
|
CVE-2017-15841
|
2024-11-21 12:15 |
2019-05-7 |