|
255921
|
5.3 |
MEDIUM
Network
|
typo3
|
typo3
|
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network an…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-6370
|
2024-11-21 12:29 |
2017-03-18 |
255922
|
7.5 |
HIGH
Network
|
efssoft
|
easy_file_sharing_ftp_server
|
Easy File Sharing FTP Server version 3.6 is vulnerable to directory traversal, which allows an attacker to list and download any file from any folder outside the FTP root directory.
|
CWE-22
Path Traversal
|
CVE-2017-6510
|
2024-11-21 12:29 |
2017-03-16 |
255923
|
8.1 |
HIGH
Network
|
drupal
|
drupal
|
A third-party development library included with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, a…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2017-6381
|
2024-11-21 12:29 |
2017-03-16 |
255924
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that use…
|
CWE-352
Origin Validation Error
|
CVE-2017-6379
|
2024-11-21 12:29 |
2017-03-16 |
255925
|
7.5 |
HIGH
Network
|
drupal
|
drupal
|
When adding a private file via the editor in Drupal 8.2.x before 8.2.7, the editor will not correctly check access for the file being attached, resulting in an access bypass.
|
CWE-863
Incorrect Authorization
|
CVE-2017-6377
|
2024-11-21 12:29 |
2017-03-16 |
255926
|
4.7 |
MEDIUM
Network
|
sap
|
businessobjects_financial_consolidation
|
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET requ…
|
CWE-79
Cross-site Scripting
|
CVE-2017-6061
|
2024-11-21 12:29 |
2017-03-16 |
255927
|
6.1 |
MEDIUM
Network
|
epson
|
tmnet_webconfig
|
Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-6443
|
2024-11-21 12:29 |
2017-03-16 |
255928
|
5.5 |
MEDIUM
Local
|
ettercap-project
|
ettercap
|
The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-6430
|
2024-11-21 12:29 |
2017-03-16 |
255929
|
7.8 |
HIGH
Local
|
broadcom
|
tcpreplay
|
Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-6429
|
2024-11-21 12:29 |
2017-03-16 |
255930
|
7.3 |
HIGH
Local
|
amazon
|
kindle_for_pc
|
Untrusted search path vulnerability in Amazon Kindle for PC before 1.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in the current working di…
|
CWE-426
Untrusted Search Path
|
CVE-2017-6189
|
2024-11-21 12:29 |
2017-03-16 |