| 249241 | 6.1 MEDIUM | Network | open.gl_project | open.gl | An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the "Open.GL-master/index.php" URL. An attacker… | CWE-79 Cross-site Scripting | CVE-2017-6907 | 2024-11-21 12:30 | 2017-03-15 |
| 249242 | 6.1 MEDIUM | Network | siberiancms | siberiancms | An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An a… | CWE-79 Cross-site Scripting | CVE-2017-6906 | 2024-11-21 12:30 | 2017-03-15 |
| 249243 | 6.1 MEDIUM | Network | concrete5 | concrete5 | An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (disable_choose) passed to the "concrete5-legacy-master/web/concrete/too… | CWE-79 Cross-site Scripting | CVE-2017-6905 | 2024-11-21 12:30 | 2017-03-15 |
| 249244 | 7.8 HIGH | Local | ioquake3 | ioquake3 | In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw, and other id Tech 3 (aka Quake 3 engin… | NVD-CWE-noinfo | CVE-2017-6903 | 2024-11-21 12:30 | 2017-03-15 |
| 249245 | 8.8 HIGH | Network | digisol | dg-hr1400_router_firmware | Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session… | CWE-565 Reliance on Cookies without Validation and Integrity Checking | CVE-2017-6896 | 2024-11-21 12:30 | 2017-03-15 |
| 249246 | 4.7 MEDIUM | Local | foxitsoftware | foxit_reader phantompdf | The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read a… | CWE-125 Out-of-bounds Read | CVE-2017-6883 | 2024-11-21 12:30 | 2017-03-14 |
| 249247 | 6.1 MEDIUM | Network | lutim_project | lutim | Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script. | CWE-79 Cross-site Scripting | CVE-2017-6877 | 2024-11-21 12:30 | 2017-03-14 |
| 249248 | 7.0 HIGH | Local | linux | linux_kernel | Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via cr… | CWE-362 Race Condition; CWE-416 Use After Free | CVE-2017-6874 | 2024-11-21 12:30 | 2017-03-14 |
| 249249 | 6.1 MEDIUM | Network | uninett | mod_auth_mellon | mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site… | CWE-79 Cross-site Scripting | CVE-2017-6807 | 2024-11-21 12:30 | 2017-03-13 |
| 249250 | 8.8 HIGH | Network | fiyo | fiyo_cms | Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action. | CWE-294 Authentication Bypass by Capture-replay | CVE-2017-6823 | 2024-11-21 12:30 | 2017-03-12 |