|
252161
|
6.1 |
MEDIUM
Network
|
sourcebans-pp_project
|
sourcebans-pp
|
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7891
|
2024-11-21 12:32 |
2017-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252162
|
7.8 |
HIGH
Local
|
linux
debian
canonical
|
linux_kernel
debian_linux
ubuntu_linux
|
The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the f…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-7889
|
2024-11-21 12:32 |
2017-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252163
|
7.1 |
HIGH
Local
|
artifex
|
jbig2dec
|
Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to denial of service (application crash) or disclosure of sensitive information from process memory, because of an integer overflow in …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-7885
|
2024-11-21 12:32 |
2017-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252164
|
8.8 |
HIGH
Network
|
mantisbt
|
mantisbt
|
MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2017-7615
|
2024-11-21 12:32 |
2017-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252165
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7882
|
2024-11-21 12:32 |
2017-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252166
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an…
|
CWE-352
Origin Validation Error
|
CVE-2017-7881
|
2024-11-21 12:32 |
2017-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252167
|
7.5 |
HIGH
Network
|
flatcore
|
flatcore-cms
|
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database.
|
CWE-89
SQL Injection
|
CVE-2017-7879
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252168
|
9.8 |
CRITICAL
Network
|
flatcore
|
flatcore-cms
|
SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.
|
CWE-89
SQL Injection
|
CVE-2017-7878
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252169
|
8.8 |
HIGH
Network
|
flatcore
|
flatcore-cms
|
CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.
|
CWE-352
Origin Validation Error
|
CVE-2017-7877
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252170
|
9.8 |
CRITICAL
Network
|
feh_project
|
feh
|
In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer o…
|
CWE-787
Out-of-bounds Write
|
CVE-2017-7875
|
2024-11-21 12:32 |
2017-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
