|
249991
|
6.5 |
MEDIUM
Network
|
splunk
|
splunk
|
Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Ligh…
|
CWE-20
Improper Input Validation
|
CVE-2017-5880
|
2024-11-21 12:28 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249992
|
7.5 |
HIGH
Network
|
php
|
pear
|
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via cr…
|
CWE-74
Injection
|
CVE-2017-5630
|
2024-11-21 12:28 |
2017-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249993
|
6.5 |
MEDIUM
Adjacent
|
asus
|
rt-n56u_firmware
|
An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the de…
|
NVD-CWE-noinfo
|
CVE-2017-5632
|
2024-11-21 12:28 |
2017-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249994
|
7.8 |
HIGH
Local
|
artifex
|
mujs
|
An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow wh…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5628
|
2024-11-21 12:28 |
2017-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249995
|
7.8 |
HIGH
Local
|
artifex
|
mujs
|
An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads t…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-5627
|
2024-11-21 12:28 |
2017-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249996
|
6.1 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2017-5612
|
2024-11-21 12:28 |
2017-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249997
|
9.8 |
CRITICAL
Network
|
wordpress
debian
oracle
|
wordpress
debian_linux
data_integrator
|
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected…
|
CWE-89
SQL Injection
|
CVE-2017-5611
|
2024-11-21 12:28 |
2017-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249998
|
5.3 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypas…
|
CWE-200
Information Exposure
|
CVE-2017-5610
|
2024-11-21 12:28 |
2017-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249999
|
8.8 |
HIGH
Network
|
s9y
|
serendipity
|
SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.
|
CWE-89
SQL Injection
|
CVE-2017-5609
|
2024-11-21 12:28 |
2017-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250000
|
7.7 |
HIGH
Network
|
rapid7
|
insightvm
|
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a vir…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2017-5242
|
2024-11-21 12:27 |
2023-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
