| 247031 | 6.5 | MEDIUM Network | piwigo | piwigo | The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context … | CWE-89 SQL Injection | CVE-2017-9463 | 2024-11-21 12:36 | 2017-06-15 |
| 247032 | 5.3 | MEDIUM Network | haxx | curl | In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL witho… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-9502 | 2024-11-21 12:36 | 2017-06-14 |
| 247033 | 5.5 | MEDIUM Local | linux | linux_kernel | The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variabl… | CWE-200 Information Exposure | CVE-2017-9605 | 2024-11-21 12:36 | 2017-06-14 |
| 247034 | 8.8 | HIGH Network | intensewp | wp_jobs | SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | CWE-89 SQL Injection | CVE-2017-9603 | 2024-11-21 12:36 | 2017-06-14 |
| 247035 | 8.8 | HIGH Network | event_list_project | event_list | SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | CWE-89 SQL Injection | CVE-2017-9429 | 2024-11-21 12:36 | 2017-06-14 |
| 247036 | 7.5 | HIGH Network | kde | kmail messagelib | KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, w… | CWE-311 Missing Encryption of Sensitive Data | CVE-2017-9604 | 2024-11-21 12:36 | 2017-06-13 |
| 247037 | 7.8 | HIGH Local | synology | photo_station | A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user progr… | CWE-287 Improper Authentication | CVE-2017-9552 | 2024-11-21 12:36 | 2017-06-13 |
| 247038 | 7.5 | HIGH Network | echatserver | easy_chat_server | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and … | CWE-522 Insufficiently Protected Credentials | CVE-2017-9557 | 2024-11-21 12:36 | 2017-06-13 |
| 247039 | 8.8 | HIGH Network | goldplugins | testimonials_plugin_easy_testimonials | SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | CWE-89 SQL Injection | CVE-2017-9418 | 2024-11-21 12:36 | 2017-06-12 |
| 247040 | 5.4 | MEDIUM Network | bigtreecms | bigtree_cms | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Pa… | CWE-79 Cross-site Scripting | CVE-2017-9548 | 2024-11-21 12:36 | 2017-06-12 |