|
248391
|
7.5 |
HIGH
Network
|
flatcore
|
flatcore-cms
|
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
|
CWE-89
SQL Injection
|
CVE-2017-7879
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248392
|
9.8 |
CRITICAL
Network
|
flatcore
|
flatcore-cms
|
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
|
CWE-89
SQL Injection
|
CVE-2017-7878
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248393
|
8.8 |
HIGH
Network
|
flatcore
|
flatcore-cms
|
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.
|
CWE-352
Origin Validation Error
|
CVE-2017-7877
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248394
|
9.8 |
CRITICAL
Network
|
feh_project
|
feh
|
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer o…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7875
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248395
|
6.1 |
MEDIUM
Network
|
tdm_project
|
tdm
|
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).
|
CWE-79
Cross-site Scripting
|
CVE-2017-7871
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248396
|
8.8 |
HIGH
Network
|
sap
|
netweaver_application_server_java
|
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified…
|
CWE-89
SQL Injection
|
CVE-2017-7717
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248397
|
7.5 |
HIGH
Network
|
sap
|
sso_authentication_library
|
SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_res…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-7696
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248398
|
7.8 |
HIGH
Local
|
proxifier
|
proxifier
|
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
|
CWE-78
OS Command
|
CVE-2017-7690
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248399
|
7.8 |
HIGH
Local
|
proxifier
|
proxifier
|
Proxifier for Mac before 2.19 allows local users to gain privileges via the first parameter to the KLoader setuid program.
|
NVD-CWE-noinfo
|
CVE-2017-7643
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248400
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7870
|
2024-11-21 12:32 |
2017-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
