|
249851
|
5.4 |
MEDIUM
Network
|
netcomm
|
nb16wv-02_firmware
|
Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5900
|
2024-11-21 12:28 |
2017-03-29 |
|
249852
|
8.8 |
HIGH
Local
|
honeywell
|
intermec_pc23_firmware intermec_pc42_firmware intermec_pc43_firmware intermec_pd43_firmware intermec_pm23_firmware intermec_pm42_firmware intermec_pm43_firmware
|
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, whic…
|
CWE-269
Improper Privilege Management
|
CVE-2017-5671
|
2024-11-21 12:28 |
2017-03-29 |
|
249853
|
5.5 |
MEDIUM
Local
|
qemu debian redhat
|
qemu debian_linux openstack virtualization
|
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors r…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-5973
|
2024-11-21 12:28 |
2017-03-28 |
|
249854
|
7.8 |
HIGH
Local
|
gnu
|
bash
|
The path autocompletion feature in Bash 4.4 allows local users to gain privileges via a crafted filename starting with a " (double quote) character and a command substitution metacharacter.
|
CWE-20
Improper Input Validation
|
CVE-2017-5932
|
2024-11-21 12:28 |
2017-03-28 |
|
249855
|
8.8 |
HIGH
Local
|
qemu
|
qemu
|
Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5931
|
2024-11-21 12:28 |
2017-03-28 |
|
249856
|
7.0 |
HIGH
Local
|
s-nail_project
|
s-nail
|
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a …
|
CWE-22, CWE-362
Path Traversal, Race Condition
|
CVE-2017-5899
|
2024-11-21 12:28 |
2017-03-28 |
|
249857
|
7.5 |
HIGH
Network
|
openbsd
|
openbsd
|
httpd in OpenBSD allows remote attackers to cause a denial of service (memory consumption) via a series of requests for a large file using an HTTP Range header.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-5850
|
2024-11-21 12:28 |
2017-03-28 |
|
249858
|
9.8 |
CRITICAL
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter.
|
CWE-89
SQL Injection
|
CVE-2017-6013
|
2024-11-21 12:28 |
2017-03-27 |
|
249859
|
6.1 |
MEDIUM
Network
|
dotcms
|
dotcms
|
dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6003
|
2024-11-21 12:28 |
2017-03-27 |
|
249860
|
8.8 |
HIGH
Network
|
intelliants
|
subrion_cms
|
Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.
|
CWE-352
Origin Validation Error
|
CVE-2017-6002
|
2024-11-21 12:28 |
2017-03-27 |