|
253411
|
8.8 |
HIGH
Network
|
digisol
|
dg-hr1400_firmware
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of a…
|
CWE-352
Origin Validation Error
|
CVE-2017-6127
|
2024-11-21 12:29 |
2017-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253412
|
7.2 |
HIGH
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parame…
|
CWE-89
SQL Injection
|
CVE-2017-6098
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253413
|
7.2 |
HIGH
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the PO…
|
CWE-89
SQL Injection
|
CVE-2017-6097
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253414
|
7.2 |
HIGH
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Param…
|
CWE-89
SQL Injection
|
CVE-2017-6096
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253415
|
9.8 |
CRITICAL
Network
|
mail-masta_project
|
mail-masta
|
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
|
CWE-89
SQL Injection
|
CVE-2017-6095
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253416
|
5.5 |
MEDIUM
Local
|
faststone
|
maxview
|
FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.
|
CWE-20
Improper Input Validation
|
CVE-2017-6078
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253417
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.
|
CWE-200
Information Exposure
|
CVE-2017-6072
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253418
|
5.3 |
MEDIUM
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.
|
CWE-200
Information Exposure
|
CVE-2017-6071
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253419
|
9.8 |
CRITICAL
Network
|
cmsmadesimple
|
form_builder
cms_made_simple
|
CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.
|
CWE-200
Information Exposure
|
CVE-2017-6070
|
2024-11-21 12:29 |
2017-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253420
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…
|
CWE-415
Double Free
|
CVE-2017-6074
|
2024-11-21 12:29 |
2017-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
