|
254151
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-9074
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254152
|
6.1 |
MEDIUM
Network
|
calendarxp
|
popcalendarxp
flatcalendarxp
|
Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9072
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254153
|
4.7 |
MEDIUM
Network
|
modx
|
modx_revolution
|
In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9071
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254154
|
5.4 |
MEDIUM
Network
|
modx
|
modx_revolution
|
In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9070
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254155
|
8.8 |
HIGH
Network
|
modx
|
modx_revolution
|
In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9069
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254156
|
6.1 |
MEDIUM
Network
|
modx
|
modx_revolution
|
In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9068
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254157
|
7.0 |
HIGH
Local
|
modx
php
|
modx_revolution
php
|
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/i…
|
CWE-22
Path Traversal
|
CVE-2017-9067
|
2024-11-21 12:35 |
2017-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254158
|
8.6 |
HIGH
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-9066
|
2024-11-21 12:35 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254159
|
7.5 |
HIGH
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
|
CWE-20
Improper Input Validation
|
CVE-2017-9065
|
2024-11-21 12:35 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254160
|
8.8 |
HIGH
Network
|
wordpress
debian
|
wordpress
debian_linux
|
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
|
CWE-352
Origin Validation Error
|
CVE-2017-9064
|
2024-11-21 12:35 |
2017-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
