|
249731
|
6.1 |
MEDIUM
Network
|
mantisbt
|
mantisbt
|
A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remot…
|
CWE-79
Cross-site Scripting
|
CVE-2017-7897
|
2024-11-21 12:32 |
2017-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249732
|
6.1 |
MEDIUM
Network
|
trendmicro
|
interscan_messaging_security_virtual_appliance
|
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7896
|
2024-11-21 12:32 |
2017-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249733
|
7.5 |
HIGH
Network
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c,…
|
CWE-20
Improper Input Validation
|
CVE-2017-7645
|
2024-11-21 12:32 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249734
|
7.5 |
HIGH
Network
|
capnproto
|
capnproto
|
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on …
|
CWE-20
Improper Input Validation
|
CVE-2017-7892
|
2024-11-21 12:32 |
2017-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249735
|
6.1 |
MEDIUM
Network
|
sourcebans-pp_project
|
sourcebans-pp
|
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7891
|
2024-11-21 12:32 |
2017-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249736
|
7.8 |
HIGH
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the f…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7889
|
2024-11-21 12:32 |
2017-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249737
|
7.1 |
HIGH
Local
|
artifex
|
jbig2dec
|
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-7885
|
2024-11-21 12:32 |
2017-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249738
|
8.8 |
HIGH
Network
|
mantisbt
|
mantisbt
|
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-7615
|
2024-11-21 12:32 |
2017-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249739
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7882
|
2024-11-21 12:32 |
2017-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249740
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an…
|
CWE-352
Origin Validation Error
|
CVE-2017-7881
|
2024-11-21 12:32 |
2017-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
