|
249941
|
9.8 |
CRITICAL
Network
|
vanguard_project
|
marketplace_digital_products_php
|
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
|
CWE-89
SQL Injection
|
CVE-2017-17873
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249942
|
9.8 |
CRITICAL
Network
|
jextn
|
jextn_video_gallery
|
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
|
CWE-89
SQL Injection
|
CVE-2017-17872
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249943
|
9.8 |
CRITICAL
Network
|
jextn
|
jextn_question_and_answer
|
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17871
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249944
|
9.8 |
CRITICAL
Network
|
jbuildozer
|
jbuildozer
|
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.
|
CWE-89
SQL Injection
|
CVE-2017-17870
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249945
|
6.1 |
MEDIUM
Network
|
mgl-instagram-gallery_project
|
mgl-instagram-gallery
|
The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17869
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249946
|
6.1 |
MEDIUM
Network
|
liferay
|
liferay_portal
|
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17868
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249947
|
7.8 |
HIGH
Local
|
artifex
debian
|
mupdf
debian_linux
|
pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (b…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17866
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249948
|
3.3 |
LOW
Local
|
linux
debian
|
linux_kernel
debian_linux
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentia…
|
CWE-200
Information Exposure
|
CVE-2017-17864
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249949
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-17863
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249950
|
5.5 |
MEDIUM
Local
|
linux
debian
|
linux_kernel
debian_linux
|
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning …
|
CWE-20
Improper Input Validation
|
CVE-2017-17862
|
2024-11-21 12:18 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
