|
250391
|
5.5 |
MEDIUM
Local
|
munin-monitoring
debian
|
munin
debian_linux
|
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
|
CWE-20
Improper Input Validation
|
CVE-2017-6188
|
2024-11-21 12:29 |
2017-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250392
|
8.8 |
HIGH
Network
|
digisol
|
dg-hr1400_firmware
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of a…
|
CWE-352
Origin Validation Error
|
CVE-2017-6127
|
2024-11-21 12:29 |
2017-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250393
|
7.2 |
HIGH
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parame…
|
CWE-89
SQL Injection
|
CVE-2017-6098
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250394
|
7.2 |
HIGH
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the PO…
|
CWE-89
SQL Injection
|
CVE-2017-6097
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250395
|
7.2 |
HIGH
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Param…
|
CWE-89
SQL Injection
|
CVE-2017-6096
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250396
|
9.8 |
CRITICAL
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
|
CWE-89
SQL Injection
|
CVE-2017-6095
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250397
|
5.5 |
MEDIUM
Local
|
faststone
|
maxview
|
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
|
CWE-20
Improper Input Validation
|
CVE-2017-6078
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250398
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
|
CWE-200
Information Exposure
|
CVE-2017-6072
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250399
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
|
CWE-200
Information Exposure
|
CVE-2017-6071
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250400
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
|
CWE-200
Information Exposure
|
CVE-2017-6070
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
