|
248531
|
5.4 |
MEDIUM
Network
|
iodata
|
wn-ac1167gr_firmware
|
Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2148
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248532
|
6.1 |
MEDIUM
Network
|
wp-statistics
|
wp_statistics
|
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2147
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248533
|
5.3 |
MEDIUM
Network
|
frogman_office_inc
|
cs-cart_multivendor_japanese_edition
cs-cart_japanese_edition
|
CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a c…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2017-2143
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248534
|
9.8 |
CRITICAL
Network
|
iodata
|
wn-g300r3_firmware
|
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-2142
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248535
|
7.2 |
HIGH
Network
|
iodata
|
wn-g300r3_firmware
|
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2017-2141
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248536
|
8.8 |
HIGH
Network
|
gaku
|
tablacus_explorer
|
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.
|
CWE-74
Injection
|
CVE-2017-2140
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248537
|
5.3 |
MEDIUM
Network
|
frogman_office_inc
|
cs-cart
|
CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2017-2139
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248538
|
3.7 |
LOW
Network
|
netgear
|
prosafe_plus_configuration_utility
|
ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.
|
NVD-CWE-noinfo
|
CVE-2017-2137
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248539
|
6.1 |
MEDIUM
Network
|
wp_statistics
|
wp_statistics
|
Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2136
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248540
|
6.1 |
MEDIUM
Network
|
wp-statistics
|
wp_statistics
|
Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2135
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
