| 249141 | 7.5 | HIGH Network | capnproto | capnproto | Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on … | CWE-20 Improper Input Validation | CVE-2017-7892 | 2024-11-21 12:32 | 2017-04-18 |
| 249142 | 6.1 | MEDIUM Network | sourcebans-pp_project | sourcebans-pp | sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. | CWE-79 Cross-site Scripting | CVE-2017-7891 | 2024-11-21 12:32 | 2017-04-17 |
| 249143 | 7.8 | HIGH Local | linux debian canonical | linux_kernel debian_linux ubuntu_linux | The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the f… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2017-7889 | 2024-11-21 12:32 | 2017-04-17 |
| 249144 | 7.1 | HIGH Local | artifex | jbig2dec | Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in … | CWE-190 Integer Overflow or Wraparound | CVE-2017-7885 | 2024-11-21 12:32 | 2017-04-17 |
| 249145 | 8.8 | HIGH Network | mantisbt | mantisbt | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-7615 | 2024-11-21 12:32 | 2017-04-16 |
| 249146 | 9.8 | CRITICAL Network | libreoffice | libreoffice | LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx. | CWE-787 Out-of-bounds Write | CVE-2017-7882 | 2024-11-21 12:32 | 2017-04-16 |
| 249147 | 8.8 | HIGH Network | bigtreecms | bigtree_cms | BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an… | CWE-352 Origin Validation Error | CVE-2017-7881 | 2024-11-21 12:32 | 2017-04-16 |
| 249148 | 7.5 | HIGH Network | flatcore | flatcore-cms | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. | CWE-89 SQL Injection | CVE-2017-7879 | 2024-11-21 12:32 | 2017-04-15 |
| 249149 | 9.8 | CRITICAL Network | flatcore | flatcore-cms | SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. | CWE-89 SQL Injection | CVE-2017-7878 | 2024-11-21 12:32 | 2017-04-15 |
| 249150 | 8.8 | HIGH Network | flatcore | flatcore-cms | CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations. | CWE-352 Origin Validation Error | CVE-2017-7877 | 2024-11-21 12:32 | 2017-04-15 |