|
255501
|
6.1 |
MEDIUM
Network
|
delayed_job_web_project
|
delayed_job_web
|
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an …
|
CWE-79
Cross-site Scripting
|
CVE-2017-12097
|
2024-11-21 12:08 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255502
|
6.1 |
MEDIUM
Network
|
rails_admin_project
|
rails_admin
|
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in a…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12098
|
2024-11-21 12:08 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255503
|
7.5 |
HIGH
Network
|
freeipa
|
freeipa
|
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to…
|
CWE-200
Information Exposure
|
CVE-2017-12169
|
2024-11-21 12:08 |
2018-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255504
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11698
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255505
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted ce…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11697
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255506
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted c…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11696
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255507
|
7.8 |
HIGH
Local
|
mozilla
|
network_security_services
|
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted ce…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11695
|
2024-11-21 12:08 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255508
|
5.4 |
MEDIUM
Network
|
synology
|
photo_station
|
Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id par…
|
CWE-79
Cross-site Scripting
|
CVE-2017-12072
|
2024-11-21 12:08 |
2017-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255509
|
8.8 |
HIGH
Network
|
mt4
|
senhasegura
|
A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.
|
CWE-384
Session Fixation
|
CVE-2017-11562
|
2024-11-21 12:08 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255510
|
6.5 |
MEDIUM
Network
|
microsoft
|
office
|
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu…
|
CWE-200
Information Exposure
|
CVE-2017-11939
|
2024-11-21 12:08 |
2017-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
