|
248811
|
8.8 |
HIGH
Network
|
wondercms
|
wondercms
|
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.
|
CWE-352
Origin Validation Error
|
CVE-2017-7951
|
2024-11-21 12:33 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248812
|
8.8 |
HIGH
Network
|
openmrs
|
openmrs_module_reporting
|
The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageRepor…
|
CWE-352
Origin Validation Error
|
CVE-2017-7990
|
2024-11-21 12:33 |
2017-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248813
|
5.3 |
MEDIUM
Network
|
watchguard
|
fireware
|
WatchGuard Fireware v11.12.1 and earlier mishandles requests referring to an XML External Entity (XXE), in the XML-RPC agent. This causes the Firebox wgagent process to crash. This process crash ends…
|
CWE-611
XXE
|
CVE-2017-8056
|
2024-11-21 12:33 |
2017-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248814
|
5.5 |
MEDIUM
Local
|
libimobiledevice
|
libplist
|
Integer overflow in the plist_from_bin function in bplist.c in libimobiledevice/libplist before 2017-04-19 allows remote attackers to cause a denial of service (heap-based buffer over-read and applic…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-7982
|
2024-11-21 12:33 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248815
|
9.8 |
CRITICAL
Network
|
mor-pah.net
|
dmitry_deepmagic_information_gathering_tool
|
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other i…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7938
|
2024-11-21 12:33 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248816
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The cookie feature in the packet action API implementation in net/sched/act_api.c in the Linux kernel 4.11.x through 4.11-rc7 mishandles the tb nlattr array, which allows local users to cause a denia…
|
CWE-20
Improper Input Validation
|
CVE-2017-7979
|
2024-11-21 12:33 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248817
|
7.5 |
HIGH
Network
|
samsung
|
samsung_mobile
|
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is…
|
CWE-200
Information Exposure
|
CVE-2017-7978
|
2024-11-21 12:33 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248818
|
7.1 |
HIGH
Local
|
artifex
|
jbig2dec
|
Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of an integer overflow in the jbig2_image_compose function in jbig2_image.c during operations on a crafted .jb2 file, leading to a …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-7976
|
2024-11-21 12:33 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248819
|
7.8 |
HIGH
Local
|
artifex
|
jbig2dec
|
Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted J…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-7975
|
2024-11-21 12:33 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248820
|
10.0 |
CRITICAL
Network
|
zyxel
|
wre6505_firmware
|
Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2017-7964
|
2024-11-21 12:33 |
2017-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
