|
249541
|
7.8 |
HIGH
Local
|
ntp
|
ntp
|
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to e…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-6451
|
2024-11-21 12:29 |
2017-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249542
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.
|
CWE-352
Origin Validation Error
|
CVE-2017-6069
|
2024-11-21 12:29 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249543
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter.
|
CWE-352
Origin Validation Error
|
CVE-2017-6068
|
2024-11-21 12:29 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249544
|
6.1 |
MEDIUM
Network
|
getsymphony
|
symphony
|
Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6067
|
2024-11-21 12:29 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249545
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter.
|
CWE-352
Origin Validation Error
|
CVE-2017-6066
|
2024-11-21 12:29 |
2017-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249546
|
8.8 |
HIGH
Network
|
eonweb_project
|
eonweb
|
EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3…
|
CWE-78
OS Command
|
CVE-2017-6087
|
2024-11-21 12:29 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249547
|
8.8 |
HIGH
Network
|
firebirdsql
|
firebird
|
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
|
CWE-862
Missing Authorization
|
CVE-2017-6369
|
2024-11-21 12:29 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249548
|
5.9 |
MEDIUM
Network
|
apparmor
canonical
|
apparmor
ubuntu_touch
ubuntu_core
|
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have …
|
CWE-269
Improper Privilege Management
|
CVE-2017-6507
|
2024-11-21 12:29 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249549
|
9.8 |
CRITICAL
Network
|
microsoft
|
skype
|
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dl…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2017-6517
|
2024-11-21 12:29 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249550
|
9.8 |
CRITICAL
Network
|
qnap
|
qts
|
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2017-6361
|
2024-11-21 12:29 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
