|
265761
|
9.8 |
CRITICAL
Network
|
finecms_project
|
finecms
|
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo(…
|
CWE-94
Code Injection
|
CVE-2017-11167
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265762
|
9.8 |
CRITICAL
Network
|
datataker
|
dt80_dex_firmware
|
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
|
CWE-200
Information Exposure
|
CVE-2017-11165
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265763
|
5.4 |
MEDIUM
Network
|
fairsketch
|
rise_ultimate_project_manager
|
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11182
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265764
|
5.4 |
MEDIUM
Network
|
fairsketch
|
rise_ultimate_project_manager
|
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11181
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265765
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login scre…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11180
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265766
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11179
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265767
|
7.5 |
HIGH
Network
|
finecms_project
|
finecms
|
In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example,…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-11178
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265768
|
7.8 |
HIGH
Local
|
linux
debian
|
linux_kernel
debian_linux
|
The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to …
|
CWE-416
Use After Free
|
CVE-2017-11176
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265769
|
5.5 |
MEDIUM
Local
|
gnome
|
gnome-session
|
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-11171
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265770
|
8.8 |
HIGH
Network
|
imagemagick
|
imagemagick
|
The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-11170
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
