|
253381
|
8.8 |
HIGH
Network
|
ingenious_school_management_system_project
|
ingenious_school_management_system
|
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-15957
|
2024-11-21 12:15 |
2017-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253382
|
7.5 |
HIGH
Network
|
converto_video_downloader_\&_converter_project
|
converto_video_downloader_\&_converter
|
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php.
|
CWE-20
Improper Input Validation
|
CVE-2017-15956
|
2024-11-21 12:15 |
2017-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253383
|
5.5 |
MEDIUM
Local
|
debian
bchunk_project
|
debian_linux
bchunk
|
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15955
|
2024-11-21 12:15 |
2017-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253384
|
5.5 |
MEDIUM
Local
|
debian
bchunk_project
|
debian_linux
bchunk
|
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15954
|
2024-11-21 12:15 |
2017-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253385
|
5.5 |
MEDIUM
Local
|
debian
bchunk_project
|
debian_linux
bchunk
|
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15953
|
2024-11-21 12:15 |
2017-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253386
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local…
|
CWE-20
Improper Input Validation
|
CVE-2017-15951
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253387
|
7.2 |
HIGH
Network
|
angry-frog
|
xavier
|
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php.
|
CWE-89
SQL Injection
|
CVE-2017-15949
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253388
|
4.8 |
MEDIUM
Network
|
edgeofmyseat
|
perch
|
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15948
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253389
|
5.4 |
MEDIUM
Network
|
aspsource
|
simple_asc_content_management_system
|
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15947
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253390
|
9.8 |
CRITICAL
Network
|
selfget
|
tag_meta
|
In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.
|
CWE-89
SQL Injection
|
CVE-2017-15946
|
2024-11-21 12:15 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
