|
258171
|
8.8 |
HIGH
Network
|
exiv2
|
exiv2
|
There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The vulnerability causes an out-of-bounds write in Exiv2::Image::printIFDStructure(), which may lead to remote denial of service or…
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2017-12955
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258172
|
8.8 |
HIGH
Network
|
podlove
|
podlove_podcast_publisher
|
lib\modules\contributors\contributor_list_table.php in the Podlove Podcast Publisher plugin 2.5.3 and earlier for WordPress has SQL injection in the orderby parameter to wp-admin/admin.php, exploitab…
|
CWE-89
SQL Injection
|
CVE-2017-12949
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258173
|
6.1 |
MEDIUM
Network
|
pressforward
|
pressforward
|
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12948
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258174
|
7.2 |
HIGH
Network
|
easymodal_project
|
easy_modal
|
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in an untrash action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable …
|
CWE-89
SQL Injection
|
CVE-2017-12947
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258175
|
7.2 |
HIGH
Network
|
easymodal_project
|
easy_modal
|
classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by…
|
CWE-89
SQL Injection
|
CVE-2017-12946
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258176
|
5.4 |
MEDIUM
Network
|
spring_batch_admin_project
|
spring_batch_admin
|
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12882
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258177
|
8.8 |
HIGH
Network
|
spring_batch_admin_project
|
spring_batch_admin
|
Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such …
|
CWE-352
Origin Validation Error
|
CVE-2017-12881
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258178
|
9.8 |
CRITICAL
Network
|
nexusphp_project
|
nexusphp
|
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.
|
CWE-89
SQL Injection
|
CVE-2017-12776
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258179
|
5.9 |
MEDIUM
Network
|
netapp
|
data_ontap
|
NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2017-12859
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258180
|
6.1 |
MEDIUM
Network
|
nexusphp_project
|
nexusphp
|
Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-12680
|
2024-11-21 12:10 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
