|
251901
|
9.8 |
CRITICAL
Network
|
cohuhd
|
3960hd_firmware
|
Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially craft…
|
CWE-287
Improper Authentication
|
CVE-2017-8861
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251902
|
6.5 |
MEDIUM
Network
|
cohuhd
|
3960hd_firmware
|
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web …
|
CWE-200
Information Exposure
|
CVE-2017-8860
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251903
|
9.1 |
CRITICAL
Network
|
varnish-cache
varnish_cache_project
debian
|
varnish
varnish_cache
debian_linux
|
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a V…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8807
|
2024-11-21 12:34 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251904
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
|
CWE-20
Improper Input Validation
|
CVE-2017-8815
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251905
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
|
CWE-20
Improper Input Validation
|
CVE-2017-8814
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251906
|
5.3 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
|
NVD-CWE-noinfo
|
CVE-2017-8812
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251907
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
|
CWE-20
Improper Input Validation
|
CVE-2017-8811
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251908
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the userna…
|
CWE-200
Information Exposure
|
CVE-2017-8810
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251909
|
9.8 |
CRITICAL
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
|
CWE-74
Injection
|
CVE-2017-8809
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251910
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8808
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
