|
250181
|
7.5 |
HIGH
Network
|
scubez
|
posty_readymade_classifieds
|
Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive inform…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-17568
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250182
|
7.5 |
HIGH
Network
|
scubez
|
posty_readymade_classifieds
|
Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17567
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250183
|
7.5 |
HIGH
Network
|
mikrotik
|
router_firmware
|
MikroTik v6.40.5 devices allow remote attackers to cause a denial of service via a flood of ICMP packets.
|
NVD-CWE-noinfo
|
CVE-2017-17538
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250184
|
7.8 |
HIGH
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
|
NVD-CWE-noinfo
|
CVE-2017-17566
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250185
|
5.6 |
MEDIUM
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion …
|
CWE-20
Improper Input Validation
|
CVE-2017-17565
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250186
|
7.8 |
HIGH
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference count…
|
CWE-388
7PK - Errors
|
CVE-2017-17564
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250187
|
7.8 |
HIGH
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overfl…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17563
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250188
|
7.2 |
HIGH
Network
|
seacms_project
|
seacms
|
SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php.
|
NVD-CWE-noinfo
|
CVE-2017-17561
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250189
|
9.8 |
CRITICAL
Network
|
westerndigital
|
my_cloud_pr4100_firmware
|
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is…
|
CWE-287
Improper Authentication
|
CVE-2017-17560
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250190
|
6.6 |
MEDIUM
Physics
|
linux
suse
|
linux_kernel
linux_enterprise_server
|
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces …
|
CWE-787
Out-of-bounds Write
|
CVE-2017-17558
|
2024-11-21 12:18 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
