|
249911
|
7.2 |
HIGH
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Param…
|
CWE-89
SQL Injection
|
CVE-2017-6096
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249912
|
9.8 |
CRITICAL
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
|
CWE-89
SQL Injection
|
CVE-2017-6095
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249913
|
5.5 |
MEDIUM
Local
|
faststone
|
maxview
|
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
|
CWE-20
Improper Input Validation
|
CVE-2017-6078
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249914
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
|
CWE-200
Information Exposure
|
CVE-2017-6072
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249915
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
|
CWE-200
Information Exposure
|
CVE-2017-6071
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249916
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
|
CWE-200
Information Exposure
|
CVE-2017-6070
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249917
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…
|
CWE-415
Double Free
|
CVE-2017-6074
|
2024-11-21 12:29 |
2017-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249918
|
8.8 |
HIGH
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
|
CWE-89
SQL Injection
|
CVE-2017-6065
|
2024-11-21 12:29 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249919
|
7.8 |
HIGH
Local
|
eparaksts
|
eparakstitajs_3
|
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact …
|
CWE-611
XXE
|
CVE-2017-6055
|
2024-11-21 12:29 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249920
|
7.5 |
HIGH
Network
|
canonical
debian
|
ubuntu_linux
debian_linux
|
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-6056
|
2024-11-21 12:29 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
