|
250031
|
6.1 |
MEDIUM
Network
|
csv-import-export_project
|
csv-import-export
|
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17753
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250032
|
6.1 |
MEDIUM
Network
|
webdesi9
|
custom_map
|
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advanceds…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17744
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250033
|
6.1 |
MEDIUM
Network
|
olyos
|
wp-concours
|
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to inclu…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17719
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250034
|
9.8 |
CRITICAL
Network
|
conarc
|
ichannel
|
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request…
|
NVD-CWE-noinfo
|
CVE-2017-17759
|
2024-11-21 12:18 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250035
|
8.8 |
HIGH
Network
|
tp-link
|
tl-wvr450l_firmware
tl-wvr458l_firmware
tl-wvr900l_firmware
tl-wvr1200l_firmware
tl-wvr1300l_firmware
tl-wvr1750l_firmware
tl-wvr2600l_firmware
tl-wvr4300l_firmware
tl-war450l…
|
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to …
|
CWE-78
OS Command
|
CVE-2017-17758
|
2024-11-21 12:18 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250036
|
8.8 |
HIGH
Network
|
tp-link
|
tl-wvr450l_firmware
tl-wvr458l_firmware
tl-wvr900l_firmware
tl-wvr1200l_firmware
tl-wvr1300l_firmware
tl-wvr1750l_firmware
tl-wvr2600l_firmware
tl-wvr4300l_firmware
tl-war450l…
|
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related t…
|
CWE-78
OS Command
|
CVE-2017-17757
|
2024-11-21 12:18 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250037
|
9.8 |
CRITICAL
Network
|
zuuse
|
beims_contractorweb_.net
|
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorde…
|
CWE-89
SQL Injection
|
CVE-2017-17721
|
2024-11-21 12:18 |
2017-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250038
|
9.8 |
CRITICAL
Network
|
paid_to_read_script_project
|
paid_to_read_script
|
Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17651
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250039
|
6.1 |
MEDIUM
Network
|
readymade_video_sharing_script_project
|
readymade_video_sharing_script
|
Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.
|
CWE-94
Code Injection
|
CVE-2017-17649
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250040
|
9.8 |
CRITICAL
Network
|
phpautoclassifiedscript
|
bus_booking_script
|
Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
|
CWE-89
SQL Injection
|
CVE-2017-17645
|
2024-11-21 12:18 |
2017-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
