|
250101
|
5.5 |
MEDIUM
Local
|
faststone
|
maxview
|
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
|
CWE-20
Improper Input Validation
|
CVE-2017-6078
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250102
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
|
CWE-200
Information Exposure
|
CVE-2017-6072
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250103
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
|
CWE-200
Information Exposure
|
CVE-2017-6071
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250104
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
|
CWE-200
Information Exposure
|
CVE-2017-6070
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250105
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…
|
CWE-415
Double Free
|
CVE-2017-6074
|
2024-11-21 12:29 |
2017-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250106
|
8.8 |
HIGH
Network
|
metalgenix
|
genixcms
|
SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter.
|
CWE-89
SQL Injection
|
CVE-2017-6065
|
2024-11-21 12:29 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250107
|
7.8 |
HIGH
Local
|
eparaksts
|
eparakstitajs_3
|
XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact …
|
CWE-611
XXE
|
CVE-2017-6055
|
2024-11-21 12:29 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250108
|
7.5 |
HIGH
Network
|
canonical
debian
|
ubuntu_linux
debian_linux
|
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-6056
|
2024-11-21 12:29 |
2017-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250109
|
7.8 |
HIGH
Local
|
tianocore
|
edk2
|
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-5731
|
2024-11-21 12:28 |
2019-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250110
|
6.5 |
MEDIUM
Network
|
libav
|
libav
|
In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a heap-based buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-5984
|
2024-11-21 12:28 |
2019-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
