|
254191
|
9.8 |
CRITICAL
Network
|
perfexcrm
|
perfex_crm
|
In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-17976
|
2024-11-21 12:19 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254192
|
7.5 |
HIGH
Network
|
omniauth
debian
|
omniauth
debian_linux
|
In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the enviro…
|
NVD-CWE-noinfo
|
CVE-2017-18076
|
2024-11-21 12:19 |
2018-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254193
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_…
|
CWE-763
Release of Invalid Pointer or Reference
|
CVE-2017-18075
|
2024-11-21 12:19 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254194
|
4.4 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via ve…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-18030
|
2024-11-21 12:19 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254195
|
9.8 |
CRITICAL
Network
|
fairsketch
|
rise_ultimate_project_manager
|
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/.
|
CWE-89
SQL Injection
|
CVE-2017-17999
|
2024-11-21 12:19 |
2018-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254196
|
5.5 |
MEDIUM
Local
|
silverstripe
|
silverstripe
|
In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without…
|
CWE-74
Injection
|
CVE-2017-18049
|
2024-11-21 12:19 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254197
|
8.8 |
HIGH
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-18048
|
2024-11-21 12:19 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254198
|
9.8 |
CRITICAL
Network
|
labf
|
nfsaxe
|
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-18047
|
2024-11-21 12:19 |
2018-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254199
|
9.8 |
CRITICAL
Network
|
dasannetworks
|
h640x_firmware
|
Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action funct…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-18046
|
2024-11-21 12:19 |
2018-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254200
|
9.8 |
CRITICAL
Network
|
directadmin
|
directadmin
|
JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.
|
NVD-CWE-noinfo
|
CVE-2017-18045
|
2024-11-21 12:19 |
2018-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
