|
256211
|
7.5 |
HIGH
Network
|
dell
|
storage_manager_2016
|
Directory Traversal in Dell Storage Manager 2016 R2.1 causes Information Disclosure when the doGet method of the EmWebsiteServlet class doesn't properly validate user provided path before using it in…
|
CWE-22
Path Traversal
|
CVE-2017-10949
|
2024-11-21 12:06 |
2017-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256212
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU process crash) via vectors related to logging debug messag…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-10806
|
2024-11-21 12:06 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256213
|
7.5 |
HIGH
Network
|
qemu
debian
redhat
|
qemu
debian_linux
virtualization
openstack
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_server_tu…
|
qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt.
|
NVD-CWE-noinfo
|
CVE-2017-10664
|
2024-11-21 12:06 |
2017-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256214
|
6.1 |
MEDIUM
Network
|
simplerisk
|
simplerisk
|
In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send Password Reset Email form) can insert XSS sequences via the user parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10711
|
2024-11-21 12:06 |
2017-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256215
|
8.8 |
HIGH
Network
|
contao
|
contao_cms
|
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
|
CWE-22
Path Traversal
|
CVE-2017-10993
|
2024-11-21 12:06 |
2017-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256216
|
6.1 |
MEDIUM
Network
|
d-link
|
dir-600m_firmware
|
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10676
|
2024-11-21 12:06 |
2017-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256217
|
6.1 |
MEDIUM
Network
|
phpsocial
|
phpsocial
|
phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10801
|
2024-11-21 12:06 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256218
|
7.8 |
HIGH
Local
|
apport_project
|
apport
|
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path tra…
|
CWE-22
Path Traversal
|
CVE-2017-10708
|
2024-11-21 12:06 |
2017-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256219
|
6.1 |
MEDIUM
Network
|
vanderbilt
|
redcap
|
REDCap before 7.5.1 has XSS via the query string.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10962
|
2024-11-21 12:06 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256220
|
8.8 |
HIGH
Network
|
vanderbilt
|
redcap
|
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
|
CWE-352
Origin Validation Error
|
CVE-2017-10961
|
2024-11-21 12:06 |
2017-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
