| 198571 | 6.1 | MEDIUM Network | finecms_project | finecms | FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login scre… | CWE-79 Cross-site Scripting | CVE-2017-11180 | 2024-11-21 12:07 | 2017-07-12 |
| 198572 | 6.1 | MEDIUM Network | finecms_project | finecms | FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account. | CWE-79 Cross-site Scripting | CVE-2017-11179 | 2024-11-21 12:07 | 2017-07-12 |
| 198573 | 7.5 | HIGH Network | finecms_project | finecms | In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example,… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2017-11178 | 2024-11-21 12:07 | 2017-07-12 |
| 198574 | 7.8 | HIGH Local | linux debian | linux_kernel debian_linux | The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to … | CWE-416 Use After Free | CVE-2017-11176 | 2024-11-21 12:07 | 2017-07-12 |
| 198575 | 5.5 | MEDIUM Local | gnome | gnome-session | Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2017-11171 | 2024-11-21 12:07 | 2017-07-12 |
| 198576 | 8.8 | HIGH Network | imagemagick | imagemagick | The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via invalid colors data in the header of a TGA or VST file. | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-11170 | 2024-11-21 12:07 | 2017-07-12 |
| 198577 | 7.5 | HIGH Network | pcre | pcre | In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. | CWE-674 Uncontrolled Recursion | CVE-2017-11164 | 2024-11-21 12:07 | 2017-07-11 |
| 198578 | 6.5 | MEDIUM Network | imagemagick | imagemagick | The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the heade… | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-11166 | 2024-11-21 12:07 | 2017-07-11 |
| 198579 | 5.4 | MEDIUM Network | cacti | cacti | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, r… | CWE-79 Cross-site Scripting | CVE-2017-11163 | 2024-11-21 12:07 | 2017-07-11 |
| 198580 | 9.1 | CRITICAL Network | php netapp | php clustered_data_ontap | In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due … | CWE-125 Out-of-bounds Read | CVE-2017-11147 | 2024-11-21 12:07 | 2017-07-10 |