| 251911 | 4.3 | MEDIUM | Network | kanboard | kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a private project of another user. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2017-15196 | 2024-11-21 12:14 | 2017-10-11 |
| 251912 | 4.3 | MEDIUM | Network | kanboard | kanboard | In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2017-15195 | 2024-11-21 12:14 | 2017-10-11 |
| 251913 | 6.1 | MEDIUM | Network | cacti | cacti | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | CWE-79 Cross-site Scripting | CVE-2017-15194 | 2024-11-21 12:14 | 2017-10-11 |
| 251914 | 4.8 | MEDIUM | Network | eyesofnetwork | eyesofnetwork | A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array par… | CWE-79 Cross-site Scripting | CVE-2017-15188 | 2024-11-21 12:14 | 2017-10-11 |
| 251915 | 9.8 | CRITICAL | Network | zyxel | nbg6716_firmware | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | CWE-78 OS Command | CVE-2017-15226 | 2024-11-21 12:14 | 2017-10-11 |
| 251916 | 5.5 | MEDIUM | Local | gnu | binutils | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory … | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-15225 | 2024-11-21 12:14 | 2017-10-11 |
| 251917 | 5.4 | MEDIUM | Network | dotcms | dotcms | The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | CWE-79 Cross-site Scripting | CVE-2017-15219 | 2024-11-21 12:14 | 2017-10-11 |
| 251918 | 7.5 | HIGH | Network | wireshark | wireshark | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach. | CWE-400 Uncontrolled Resource Consumption | CVE-2017-15193 | 2024-11-21 12:14 | 2017-10-11 |
| 251919 | 7.5 | HIGH | Network | wireshark | wireshark | In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have th… | NVD-CWE-noinfo | CVE-2017-15192 | 2024-11-21 12:14 | 2017-10-11 |
| 251920 | 7.5 | HIGH | Network | wireshark debian | wireshark debian_linux | In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the DMP dissector could crash. This was addressed in epan/dissectors/packet-dmp.c by validating a string length. | CWE-134 Use of Externally-Controlled Format String | CVE-2017-15191 | 2024-11-21 12:14 | 2017-10-11 |