|
250051
|
9.8 |
CRITICAL
Network
|
dedecms
|
dedecms
|
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
|
CWE-89
SQL Injection
|
CVE-2017-17730
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250052
|
8.8 |
HIGH
Network
|
dedecms
|
dedecms
|
DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-17727
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250053
|
5.9 |
MEDIUM
Network
|
net-ldap_project
|
net-ldap
|
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
|
CWE-295
Improper Certificate Validation
|
CVE-2017-17718
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250054
|
9.8 |
CRITICAL
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-17717
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250055
|
5.9 |
MEDIUM
Network
|
gitlab
|
gitlab
|
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-17716
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250056
|
6.1 |
MEDIUM
Network
|
boxug
|
trape
|
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /regi…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17714
|
2024-11-21 12:18 |
2017-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250057
|
9.8 |
CRITICAL
Network
|
boxug
|
trape
|
Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter,…
|
CWE-89
SQL Injection
|
CVE-2017-17713
|
2024-11-21 12:18 |
2017-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250058
|
8.8 |
HIGH
Network
|
telegram
|
telegram_messenger
|
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a re…
|
CWE-22
Path Traversal
|
CVE-2017-17715
|
2024-11-21 12:18 |
2017-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250059
|
7.0 |
HIGH
Local
|
linux
|
linux_kernel
|
The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to exec…
|
CWE-362
Race Condition
|
CVE-2017-17712
|
2024-11-21 12:18 |
2017-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250060
|
9.8 |
CRITICAL
Network
|
k7computing
|
antivirus
|
K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer dereference via a 0x950025c8 DeviceIoControl request.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-17701
|
2024-11-21 12:18 |
2017-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
