|
250791
|
8.8 |
HIGH
Network
|
mitel
|
st14.2
|
A vulnerability in the conferencing component of Mitel ST 14.2, release GA28 and earlier, could allow an authenticated user to upload a malicious script to the Personal Library by a crafted POST requ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-16251
|
2024-11-21 12:16 |
2018-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250792
|
5.3 |
MEDIUM
Network
|
mitel
|
st14.2
|
A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allow an attacker to use the API function to enumerate through user-ids which could be used to identify valid user ids and associated…
|
CWE-200
Information Exposure
|
CVE-2017-16250
|
2024-11-21 12:16 |
2018-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250793
|
6.5 |
MEDIUM
Network
|
synology
|
surveillance_station
|
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain…
|
CWE-200
Information Exposure
|
CVE-2017-16770
|
2024-11-21 12:16 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250794
|
5.4 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc p…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16767
|
2024-11-21 12:16 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250795
|
5.5 |
MEDIUM
Local
|
ox_project
|
ox
|
In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16229
|
2024-11-21 12:16 |
2018-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250796
|
5.3 |
MEDIUM
Network
|
synology
|
photo_station
|
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mo…
|
CWE-200
Information Exposure
|
CVE-2017-16769
|
2024-11-21 12:16 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250797
|
6.1 |
MEDIUM
Network
|
kubik-rubik
|
simple_image_gallery_extended
|
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16356
|
2024-11-21 12:16 |
2018-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250798
|
7.8 |
HIGH
Local
|
smartbear
|
soapui
|
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
|
CWE-94
Code Injection
|
CVE-2017-16670
|
2024-11-21 12:16 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250799
|
8.8 |
HIGH
Network
|
userscape
|
helpspot
|
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker …
|
CWE-352
Origin Validation Error
|
CVE-2017-16756
|
2024-11-21 12:16 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250800
|
6.1 |
MEDIUM
Network
|
userscape
|
helpspot
|
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16755
|
2024-11-21 12:16 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
