| 248911 | 8.1 | HIGH Network | modx | modx_revolution | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger… | NVD-CWE-noinfo | CVE-2017-7323 | 2024-11-21 12:31 | 2017-03-30 |
| 248912 | 8.1 | HIGH Network | modx | modx_revolution | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serve… | CWE-295 Improper Certificate Validation | CVE-2017-7322 | 2024-11-21 12:31 | 2017-03-30 |
| 248913 | 9.8 | CRITICAL Network | modx | modx_revolution | setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | CWE-94 Code Injection | CVE-2017-7321 | 2024-11-21 12:31 | 2017-03-30 |
| 248914 | 6.1 | MEDIUM Network | modx | modx_revolution | setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a … | CWE-79 Cross-site Scripting | CVE-2017-7320 | 2024-11-21 12:31 | 2017-03-30 |
| 248915 | 9.8 | CRITICAL Network | siklu | etherhaul_firmware | Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as… | NVD-CWE-noinfo | CVE-2017-7318 | 2024-11-21 12:31 | 2017-03-30 |
| 248916 | 7.2 | HIGH Network | xoops | xoops | SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An … | CWE-89 SQL Injection | CVE-2017-7290 | 2024-11-21 12:31 | 2017-03-30 |
| 248917 | 7.8 | HIGH Local | flexense | syncbreeze diskboss disksorter | A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Se… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-7310 | 2024-11-21 12:31 | 2017-03-30 |
| 248918 | 7.8 | HIGH Local | linux | linux_kernel | The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (in… | CWE-787 CWE-681 Out-of-bounds Write Incorrect Conversion between Numeric Types | CVE-2017-7308 | 2024-11-21 12:31 | 2017-03-30 |
| 248919 | 7.5 | HIGH Network | auromeera | emli | HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can l… | CWE-22 Path Traversal | CVE-2017-7258 | 2024-11-21 12:31 | 2017-03-30 |
| 248920 | 7.5 | HIGH Network | gnu | binutils | The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields… | CWE-125 Out-of-bounds Read | CVE-2017-7304 | 2024-11-21 12:31 | 2017-03-30 |