|
249561
|
7.5 |
HIGH
Network
|
efssoft
|
easy_file_sharing_ftp_server
|
Easy File Sharing FTP Server version 3.6 is vulnerable to a directory traversal vulnerability which allows an attacker to list and download any file from any folder outside the FTP root Directory.
|
CWE-22
Path Traversal
|
CVE-2017-6510
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249562
|
8.1 |
HIGH
Network
|
drupal
|
drupal
|
A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, a…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2017-6381
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249563
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that use…
|
CWE-352
Origin Validation Error
|
CVE-2017-6379
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249564
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
|
CWE-863
Incorrect Authorization
|
CVE-2017-6377
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249565
|
4.7 |
MEDIUM
Network
|
sap
|
businessobjects_financial_consolidation
|
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET requ…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6061
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249566
|
6.1 |
MEDIUM
Network
|
epson
|
tmnet_webconfig
|
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6443
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249567
|
5.5 |
MEDIUM
Local
|
ettercap-project
|
ettercap
|
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-6430
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249568
|
7.8 |
HIGH
Local
|
broadcom
|
tcpreplay
|
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6429
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249569
|
7.3 |
HIGH
Local
|
amazon
|
kindle_for_pc
|
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working di…
|
CWE-426
Untrusted Search Path
|
CVE-2017-6189
|
2024-11-21 12:29 |
2017-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249570
|
6.5 |
MEDIUM
Local
|
qemu
|
qemu
|
The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the num…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-6505
|
2024-11-21 12:29 |
2017-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
