| 256891 | 9.8 | CRITICAL Network | octobercms | october | October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server. | CWE-417 Channel and Path Errors | CVE-2017-1000197 | 2024-11-21 12:04 | 2017-11-17 |
| 256892 | 9.8 | CRITICAL Network | octobercms | october | October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | CWE-94 Code Injection | CVE-2017-1000196 | 2024-11-21 12:04 | 2017-11-17 |
| 256893 | 7.5 | HIGH Network | octobercms | october | October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. | CWE-502 Deserialization of Untrusted Data | CVE-2017-1000195 | 2024-11-21 12:04 | 2017-11-17 |
| 256894 | 9.8 | CRITICAL Network | octobercms | october | October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-1000194 | 2024-11-21 12:04 | 2017-11-17 |
| 256895 | 6.1 | MEDIUM Network | octobercms | october | October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. | CWE-79 Cross-site Scripting | CVE-2017-1000193 | 2024-11-21 12:04 | 2017-11-17 |
| 256896 | 9.8 | CRITICAL Network | pidusage_project | pidusage | soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution | CWE-78 OS Command | CVE-2017-1000220 | 2024-11-21 12:04 | 2017-11-17 |
| 256897 | 4.8 | MEDIUM Network | wbce | wbce_cms | WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | CWE-79 Cross-site Scripting | CVE-2017-1000213 | 2024-11-21 12:04 | 2017-11-17 |
| 256898 | 9.8 | CRITICAL Network | altran | picotcp | picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-1000210 | 2024-11-21 12:04 | 2017-11-17 |
| 256899 | 7.8 | HIGH Local | swftools | swftools | In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF() | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-1000187 | 2024-11-21 12:04 | 2017-11-17 |
| 256900 | 5.5 | MEDIUM Local | swftools | swftools | In SWFTools, a stack overflow was found in pdf2swf. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-1000186 | 2024-11-21 12:04 | 2017-11-17 |