|
252561
|
7.5 |
HIGH
Network
|
horde
|
groupware
|
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enab…
|
CWE-78
OS Command
|
CVE-2017-7414
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252562
|
8.8 |
HIGH
Network
|
horde
|
groupware
|
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled…
|
CWE-78
OS Command
|
CVE-2017-7413
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252563
|
8.8 |
HIGH
Network
|
d-link
|
dir-615_firmware
|
D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin i…
|
CWE-352
Origin Validation Error
|
CVE-2017-7398
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252564
|
8.2 |
HIGH
Local
|
xen
|
xen
|
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, al…
|
CWE-129
Improper Validation of Array Index
|
CVE-2017-7228
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252565
|
7.8 |
HIGH
Local
|
nixos
|
nixos
|
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
|
NVD-CWE-noinfo
|
CVE-2017-7412
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252566
|
9.8 |
CRITICAL
Network
|
websitebaker
|
websitebaker
|
Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, …
|
CWE-89
SQL Injection
|
CVE-2017-7410
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252567
|
2.4 |
LOW
Physics
|
haxx
|
curl
|
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a w…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-7407
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252568
|
7.5 |
HIGH
Network
|
backbox
|
backbox_linux
|
BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-7397
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252569
|
9.8 |
CRITICAL
Network
|
lucidcrew
|
pixie
|
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, …
|
CWE-94
Code Injection
|
CVE-2017-7402
|
2024-11-21 12:31 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252570
|
7.5 |
HIGH
Network
|
collectd
|
collectd
|
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-7401
|
2024-11-21 12:31 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
