| ID | CVSS | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 254941 | 7.8 HIGH | Local | linux | linux_kernel | The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local… | CWE-20 Improper Input Validation | CVE-2017-15951 | 2024-11-21 12:15 | 2017-10-28 |
| 254942 | 7.2 HIGH | Network | angry-frog | xavier | Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. | CWE-89 SQL Injection | CVE-2017-15949 | 2024-11-21 12:15 | 2017-10-28 |
| 254943 | 4.8 MEDIUM | Network | edgeofmyseat | perch | Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field. This is exploitable with a Limited Admi… | CWE-79 Cross-site Scripting | CVE-2017-15948 | 2024-11-21 12:15 | 2017-10-28 |
| 254944 | 5.4 MEDIUM | Network | aspsource | simple_asc_content_management_system | Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp. | CWE-79 Cross-site Scripting | CVE-2017-15947 | 2024-11-21 12:15 | 2017-10-28 |
| 254945 | 9.8 CRITICAL | Network | selfget | tag_meta | In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. | CWE-89 SQL Injection | CVE-2017-15946 | 2024-11-21 12:15 | 2017-10-28 |
| 254946 | 7.8 HIGH | Local | mariadb mysql | mariadb mysql | The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writab… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-15945 | 2024-11-21 12:15 | 2017-10-28 |
| 254947 | 5.5 MEDIUM | Local | gnu | binutils | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles NULL files in a .debug_line file table, which allows remote attackers to cause a den… | CWE-476 NULL Pointer Dereference | CVE-2017-15939 | 2024-11-21 12:15 | 2017-10-28 |
| 254948 | 7.5 HIGH | Network | gnu | binutils | dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, miscalculates DW_FORM_ref_addr die refs in the case of a relocatable object file, which allows … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-15938 | 2024-11-21 12:15 | 2017-10-28 |
| 254949 | 6.5 MEDIUM | Network | artica | pandora_fms | Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /v… | CWE-200 Information Exposure | CVE-2017-15937 | 2024-11-21 12:15 | 2017-10-28 |
| 254950 | 5.4 MEDIUM | Network | artica | pandora_fms | In Artica Pandora FMS version 7.0, an attacker with write permission can create an agent with an XSS payload; when a user enters the agent definitions page, the script will get executed. | CWE-79 Cross-site Scripting | CVE-2017-15936 | 2024-11-21 12:15 | 2017-10-28 |