| 247491 | 8.8 | HIGH Network | zammad | zammad | A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for u… | CWE-352 Origin Validation Error | CVE-2017-6081 | 2024-11-21 12:29 | 2017-03-13 |
| 247492 | 9.8 | CRITICAL Network | zammad | zammad | An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerabilit… | CWE-352 Origin Validation Error | CVE-2017-6080 | 2024-11-21 12:29 | 2017-03-13 |
| 247493 | 7.5 | HIGH Network | mikrotik | routeros | The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU… | CWE-400 Uncontrolled Resource Consumption | CVE-2017-6444 | 2024-11-21 12:29 | 2017-03-12 |
| 247494 | 9.9 | CRITICAL Network | softaculous | whmcs_reseller_module | The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by V… | CWE-275 Permission Issues | CVE-2017-6513 | 2024-11-21 12:29 | 2017-03-11 |
| 247495 | 8.1 | HIGH Network | f-secure | software_updater | F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-… | CWE-20 Improper Input Validation | CVE-2017-6466 | 2024-11-21 12:29 | 2017-03-11 |
| 247496 | 9.8 | CRITICAL Network | azure_dex | data_expert_ultimate | In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that se… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-6506 | 2024-11-21 12:29 | 2017-03-10 |
| 247497 | 7.5 | HIGH Network | evostream | media_server | A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-6427 | 2024-11-21 12:29 | 2017-03-10 |
| 247498 | 5.5 | MEDIUM Local | freedesktop | virglrenderer | Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length … | CWE-190 Integer Overflow or Wraparound | CVE-2017-6355 | 2024-11-21 12:29 | 2017-03-10 |
| 247499 | 5.5 | MEDIUM Local | gnome fedoraproject debian | gdk-pixbuf fedora debian_linux | The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-6314 | 2024-11-21 12:29 | 2017-03-10 |
| 247500 | 7.1 | HIGH Local | gnome fedoraproject debian | gdk-pixbuf fedora debian_linux | Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image … | CWE-191 Integer Underflow (Wrap or Wraparound) | CVE-2017-6313 | 2024-11-21 12:29 | 2017-03-10 |