|
247071
|
7.4 |
HIGH
Network
|
subsonic
|
subsonic
|
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-9355
|
2024-11-21 12:35 |
2017-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247072
|
6.1 |
MEDIUM
Network
|
pivotx
|
pivotx
|
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
|
CWE-79
Cross-site Scripting
|
CVE-2017-9332
|
2024-11-21 12:35 |
2017-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247073
|
8.8 |
HIGH
Network
|
open-emr
|
openemr
|
OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9380
|
2024-11-21 12:35 |
2017-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247074
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashb…
|
CWE-352
Origin Validation Error
|
CVE-2017-9379
|
2024-11-21 12:35 |
2017-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247075
|
6.5 |
MEDIUM
Network
|
bigtreecms
|
bigtree_cms
|
BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have…
|
CWE-863
Incorrect Authorization
|
CVE-2017-9378
|
2024-11-21 12:35 |
2017-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247076
|
7.5 |
HIGH
Network
|
digium
|
open_source
certified_asterisk
|
PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of servic…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-9372
|
2024-11-21 12:35 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247077
|
4.8 |
MEDIUM
Network
|
epesi
|
epesi
|
Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2017-9366
|
2024-11-21 12:35 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247078
|
8.8 |
HIGH
Network
|
bigtreecms
|
bigtree_cms
|
CSRF exists in BigTree CMS through 4.2.18 with the force parameter to /admin/pages/revisions.php - for example: /admin/pages/revisions/1/?force=false. A page with id=1 can be unlocked.
|
CWE-352
Origin Validation Error
|
CVE-2017-9365
|
2024-11-21 12:35 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247079
|
9.8 |
CRITICAL
Network
|
bigtreecms
|
bigtree_cms
|
Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-9364
|
2024-11-21 12:35 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247080
|
9.8 |
CRITICAL
Network
|
soffid
|
iam
|
Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-9363
|
2024-11-21 12:35 |
2017-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
