| 246851 | 7.8 | HIGH / Local | synology | photo_station | A design flaw in authentication in Synology Photo Station 6.0-2528 through 6.7.1-3419 allows local users to obtain credentials via cmdline. Synology Photo Station employs the synophoto_dsm_user progr… | CWE-287: Improper Authentication | CVE-2017-9552 | 2024-11-21 12:36 | 2017-06-13 |
| 246852 | 7.5 | HIGH / Network | echatserver | easy_chat_server | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and … | CWE-522: Insufficiently Protected Credentials | CVE-2017-9557 | 2024-11-21 12:36 | 2017-06-13 |
| 246853 | 8.8 | HIGH / Network | goldplugins | testimonials_plugin_easy_testimonials | SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | CWE-89: SQL Injection | CVE-2017-9418 | 2024-11-21 12:36 | 2017-06-12 |
| 246854 | 5.4 | MEDIUM / Network | bigtreecms | bigtree_cms | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching a Home Template Edit Pa… | CWE-79: Cross-site Scripting | CVE-2017-9548 | 2024-11-21 12:36 | 2017-06-12 |
| 246855 | 5.4 | MEDIUM / Network | bigtreecms | bigtree_cms | admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and… | CWE-79: Cross-site Scripting | CVE-2017-9547 | 2024-11-21 12:36 | 2017-06-12 |
| 246856 | 5.7 | MEDIUM / Network | bigtreecms | bigtree_cms | admin.php in BigTree through 4.2.18 allows remote authenticated users to cause a denial of service (inability to save revisions) via XSS sequences in a revision name. | CWE-79: Cross-site Scripting | CVE-2017-9546 | 2024-11-21 12:36 | 2017-06-12 |
| 246857 | 9.8 | CRITICAL / Network | echatserver | easy_chat_server | There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering… | CWE-787: Out-of-bounds Write | CVE-2017-9544 | 2024-11-21 12:36 | 2017-06-12 |
| 246858 | 7.5 | HIGH / Network | echatserver | easy_chat_server | register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm. | CWE-640: Weak Password Recovery Mechanism for Forgotten Password | CVE-2017-9543 | 2024-11-21 12:36 | 2017-06-12 |
| 246859 | 9.8 | CRITICAL / Network | d-link | dir-615_firmware | D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation … | CWE-287: Improper Authentication | CVE-2017-9542 | 2024-11-21 12:36 | 2017-06-12 |
| 246860 | 7.8 | HIGH / Local | mruby debian | mruby debian_linux | The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impac… | CWE-416: Use After Free | CVE-2017-9527 | 2024-11-21 12:36 | 2017-06-12 |