|
249021
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
|
CWE-863
Incorrect Authorization
|
CVE-2017-6377
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249022
|
4.7 |
MEDIUM
Network
|
sap
|
businessobjects_financial_consolidation
|
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET requ…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6061
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249023
|
6.1 |
MEDIUM
Network
|
epson
|
tmnet_webconfig
|
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6443
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249024
|
5.5 |
MEDIUM
Local
|
ettercap-project
|
ettercap
|
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-6430
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249025
|
7.8 |
HIGH
Local
|
broadcom
|
tcpreplay
|
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6429
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249026
|
7.3 |
HIGH
Local
|
amazon
|
kindle_for_pc
|
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working di…
|
CWE-426
Untrusted Search Path
|
CVE-2017-6189
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249027
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the num…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-6505
|
2024-11-21 12:29 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249028
|
5.0 |
MEDIUM
Local
|
libplist_project
|
libplist
|
The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.
|
CWE-20
CWE-787
CWE-190
Improper Input Validation
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2017-6440
|
2024-11-21 12:29 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249029
|
5.0 |
MEDIUM
Local
|
libplist_project
|
libplist
|
Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist fi…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-6439
|
2024-11-21 12:29 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249030
|
7.3 |
HIGH
Local
|
libplist_project
|
libplist
|
Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code exe…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-6438
|
2024-11-21 12:29 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
