| 255031 | 6.1 | MEDIUM | Network | xoops | xoops | XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | CWE-601 Open Redirect | CVE-2017-12138 | 2024-11-21 12:08 | 2017-08-2 |
| 255032 | 5.9 | MEDIUM | Network | gnu | glibc | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2017-12132 | 2024-11-21 12:08 | 2017-08-2 |
| 255033 | 6.1 | MEDIUM | Network | mantisbt | mantisbt | An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execu… | CWE-79 Cross-site Scripting | CVE-2017-12062 | 2024-11-21 12:08 | 2017-08-2 |
| 255034 | 6.1 | MEDIUM | Network | mantisbt | mantisbt | An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized befor… | CWE-79 Cross-site Scripting | CVE-2017-12061 | 2024-11-21 12:08 | 2017-08-2 |
| 255035 | 6.5 | MEDIUM | Network | underbit | mad_libmad | mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decode… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-11552 | 2024-11-21 12:08 | 2017-08-1 |
| 255036 | 6.1 | MEDIUM | Network | goldplugins | easy_testimonials | The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excer… | CWE-79 Cross-site Scripting | CVE-2017-12131 | 2024-11-21 12:08 | 2017-08-1 |
| 255037 | 6.1 | MEDIUM | Network | event_list_project | event_list | The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action. | CWE-79 Cross-site Scripting | CVE-2017-12068 | 2024-11-21 12:08 | 2017-08-1 |
| 255038 | 7.5 | HIGH | Network | potrace_project | potrace | Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c. | CWE-125 Out-of-bounds Read | CVE-2017-12067 | 2024-11-21 12:08 | 2017-08-1 |
| 255039 | 5.4 | MEDIUM | Network | cacti | cacti | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer hea… | CWE-79 Cross-site Scripting | CVE-2017-12066 | 2024-11-21 12:08 | 2017-08-1 |
| 255040 | 9.8 | CRITICAL | Network | cacti | cacti | spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | NVD-CWE-noinfo | CVE-2017-12065 | 2024-11-21 12:08 | 2017-08-1 |