| 247351 | 9.8 | CRITICAL Network | projectsend | projectsend | install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file. | CWE-20 Improper Input Validation | CVE-2017-9741 | 2024-11-21 12:36 | 2017-06-19 |
| 247352 | 6.1 | MEDIUM Network | cmsmadesimple | cms_made_simple | In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. | CWE-79 Cross-site Scripting | CVE-2017-9668 | 2024-11-21 12:36 | 2017-06-19 |
| 247353 | 9.8 | CRITICAL Network | spip | spip | SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. | CWE-78 OS Command | CVE-2017-9736 | 2024-11-21 12:36 | 2017-06-18 |
| 247354 | 5.5 | MEDIUM Local | qemu debian | qemu debian_linux | QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and Q… | CWE-476 NULL Pointer Dereference | CVE-2017-9503 | 2024-11-21 12:36 | 2017-06-17 |
| 247355 | 7.5 | HIGH Network | eclipse debian oracle | jetty debian_linux retail_xstore_point_of_service hospitality_guest_access enterprise_manager_base_platform rest_data_services communications_cloud_native_core_policy | Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect p… | CWE-203 Information Exposure Through Discrepancy | CVE-2017-9735 | 2024-11-21 12:36 | 2017-06-17 |
| 247356 | 7.5 | HIGH Network | yocto_project | yp_core-pyro | In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk p… | CWE-200 Information Exposure | CVE-2017-9731 | 2024-11-21 12:36 | 2017-06-17 |
| 247357 | 7.5 | HIGH Network | uclibc | uclibc | In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. | CWE-674 Uncontrolled Recursion | CVE-2017-9729 | 2024-11-21 12:36 | 2017-06-17 |
| 247358 | 9.8 | CRITICAL Network | uclibc | uclibc | In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression. | CWE-125 Out-of-bounds Read | CVE-2017-9728 | 2024-11-21 12:36 | 2017-06-17 |
| 247359 | 9.8 | CRITICAL Network | kbvault_mysql_project | kbvault_mysql | KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and delet… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-9602 | 2024-11-21 12:36 | 2017-06-16 |
| 247360 | 5.9 | MEDIUM Network | fnbkemp | fnb_kemp_mobile_banking | The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-… | CWE-295 Improper Certificate Validation | CVE-2017-9601 | 2024-11-21 12:36 | 2017-06-16 |