|
250131
|
9.8 |
CRITICAL
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
|
CWE-89
SQL Injection
|
CVE-2017-6013
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250132
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6003
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250133
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
|
CWE-352
Origin Validation Error
|
CVE-2017-6002
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250134
|
5.9 |
MEDIUM
Physics
|
oneplus
|
oxygenos
|
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open …
|
CWE-276
Incorrect Default Permissions
|
CVE-2017-5622
|
2024-11-21 12:28 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250135
|
8.8 |
HIGH
Network
|
nuxeo
|
nuxeo
|
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in …
|
CWE-22
Path Traversal
|
CVE-2017-5869
|
2024-11-21 12:28 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250136
|
5.5 |
MEDIUM
Local
|
apache
|
poi
|
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
|
CWE-776
XML Entity Expansion
|
CVE-2017-5644
|
2024-11-21 12:28 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250137
|
9.8 |
CRITICAL
Network
|
linux
canonical
debian
|
linux_kernel
ubuntu_linux
debian_linux
|
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5897
|
2024-11-21 12:28 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250138
|
6.1 |
MEDIUM
Network
|
kunena
|
kunena
|
In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. Six files are affected: crypsis/layouts/message/item/default…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5673
|
2024-11-21 12:28 |
2017-03-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250139
|
8.8 |
HIGH
Network
|
d-link
|
dir-600m_firmware
|
CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_20170306. This can be used to bypass authentication and insert XSS sequences or possibly have unspecified other impact.
|
CWE-352
Origin Validation Error
|
CVE-2017-5874
|
2024-11-21 12:28 |
2017-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250140
|
5.5 |
MEDIUM
Local
|
qemu
debian
|
qemu
debian_linux
|
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-5987
|
2024-11-21 12:28 |
2017-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
