|
264321
|
7.5 |
HIGH
Network
|
syncthing
|
syncthing
|
Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite
|
CWE-59
Link Following
|
CVE-2017-1000420
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264322
|
7.5 |
HIGH
Network
|
phpbb
|
phpbb
|
phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal se…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-1000419
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264323
|
9.8 |
CRITICAL
Network
|
bro
|
bro
|
Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-1000458
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264324
|
4.8 |
MEDIUM
Network
|
mojoportal
|
mojoportal
|
Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires aut…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000457
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264325
|
8.8 |
HIGH
Network
|
freedesktop
debian
|
poppler
debian_linux
|
freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000456
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264326
|
7.8 |
HIGH
Local
|
mindwerks
|
wildmidi
|
The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-1000418
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264327
|
5.5 |
MEDIUM
Local
|
gnu
|
guixsd
|
GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assu…
|
CWE-346
Origin Validation Error
|
CVE-2017-1000455
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264328
|
7.8 |
HIGH
Local
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1
|
CWE-74
Injection
|
CVE-2017-1000454
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264329
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
cms_made_simple
|
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.
|
CWE-74
Injection
|
CVE-2017-1000453
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264330
|
7.5 |
HIGH
Network
|
samlify_project
|
samlify
|
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.
|
CWE-91
Blind XPath Injection
|
CVE-2017-1000452
|
2024-11-21 12:04 |
2018-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
