|
253261
|
6.5 |
MEDIUM
Network
|
cohuhd
|
3960hd_firmware
|
Information disclosure through directory listing on the Cohu 3960HD allows an attacker to view and download source code, log files, and other sensitive device information via a specially crafted web …
|
CWE-200
Information Exposure
|
CVE-2017-8860
|
2024-11-21 12:34 |
2017-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253262
|
9.1 |
CRITICAL
Network
|
varnish-cache
varnish_cache_project
debian
|
varnish
varnish_cache
debian_linux
|
vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache 4.1.x before 4.1.9 and 5.x before 5.2.1 allows remote attackers to obtain sensitive information from process memory because a V…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-8807
|
2024-11-21 12:34 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253263
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules.
|
CWE-20
Improper Input Validation
|
CVE-2017-8815
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253264
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."
|
CWE-20
Improper Input Validation
|
CVE-2017-8814
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253265
|
5.3 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline.
|
NVD-CWE-noinfo
|
CVE-2017-8812
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253266
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.
|
CWE-20
Improper Input Validation
|
CVE-2017-8811
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253267
|
7.5 |
HIGH
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the userna…
|
CWE-200
Information Exposure
|
CVE-2017-8810
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253268
|
9.8 |
CRITICAL
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
|
CWE-74
Injection
|
CVE-2017-8809
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253269
|
6.1 |
MEDIUM
Network
|
mediawiki
debian
|
mediawiki
debian_linux
|
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
|
CWE-79
Cross-site Scripting
|
CVE-2017-8808
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253270
|
7.5 |
HIGH
Network
|
microsoft
|
asp.net_core
|
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Infor…
|
NVD-CWE-noinfo
|
CVE-2017-8700
|
2024-11-21 12:34 |
2017-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
