| 253231 | 8.8 HIGH Network | intelliants | subrion_cms | Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter. | CWE-352 Origin Validation Error | CVE-2017-6069 | 2024-11-21 12:29 | 2017-03-27 |
| 253232 | 8.8 HIGH Network | intelliants | subrion_cms | Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter. | CWE-352 Origin Validation Error | CVE-2017-6068 | 2024-11-21 12:29 | 2017-03-27 |
| 253233 | 6.1 MEDIUM Network | getsymphony | symphony | Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field. | CWE-79 Cross-site Scripting | CVE-2017-6067 | 2024-11-21 12:29 | 2017-03-27 |
| 253234 | 8.8 HIGH Network | intelliants | subrion_cms | Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can perform any Edit Language action, and can optionally insert XSS via the title parameter. | CWE-352 Origin Validation Error | CVE-2017-6066 | 2024-11-21 12:29 | 2017-03-27 |
| 253235 | 8.8 HIGH Network | eonweb_project | eonweb | EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3… | CWE-78 OS Command | CVE-2017-6087 | 2024-11-21 12:29 | 2017-03-24 |
| 253236 | 8.8 HIGH Network | firebirdsql | firebird | Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so. | CWE-862 Missing Authorization | CVE-2017-6369 | 2024-11-21 12:29 | 2017-03-24 |
| 253237 | 5.9 MEDIUM Network | apparmor canonical | apparmor ubuntu_touch ubuntu_core | An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have … | CWE-269 Improper Privilege Management | CVE-2017-6507 | 2024-11-21 12:29 | 2017-03-24 |
| 253238 | 9.8 CRITICAL Network | microsoft | skype | Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dl… | CWE-427 Uncontrolled Search Path Element | CVE-2017-6517 | 2024-11-21 12:29 | 2017-03-24 |
| 253239 | 9.8 CRITICAL Network | qnap | qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. | CWE-78 OS Command | CVE-2017-6361 | 2024-11-21 12:29 | 2017-03-24 |
| 253240 | 9.8 CRITICAL Network | qnap | qts | QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors. | CWE-78 OS Command | CVE-2017-6360 | 2024-11-21 12:29 | 2017-03-24 |