|
249751
|
6.1 |
MEDIUM
Network
|
wpdownloadmanager
|
wordpress_download_manager
|
The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18032
|
2024-11-21 12:19 |
2018-01-16 |
|
249752
|
6.5 |
MEDIUM
Network
|
imagemagick canonical
|
imagemagick ubuntu_linux
|
In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-18029
|
2024-11-21 12:19 |
2018-01-13 |
|
249753
|
6.5 |
MEDIUM
Network
|
imagemagick canonical
|
imagemagick ubuntu_linux
|
In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allows remote attackers to cause a denial of service via a crafted file.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2017-18028
|
2024-11-21 12:19 |
2018-01-13 |
|
249754
|
6.5 |
MEDIUM
Network
|
imagemagick canonical
|
imagemagick ubuntu_linux
|
In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-18027
|
2024-11-21 12:19 |
2018-01-13 |
|
249755
|
6.1 |
MEDIUM
Network
|
sophos
|
sfos
|
An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log pa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-18014
|
2024-11-21 12:19 |
2018-01-13 |
|
249756
|
9.8 |
CRITICAL
Network
|
muvikoscript
|
muviko
|
Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to login.php; the (2) season_id parameter to themes/flixer/aj…
|
CWE-89
SQL Injection
|
CVE-2017-17970
|
2024-11-21 12:19 |
2018-01-13 |
|
249757
|
5.3 |
MEDIUM
Network
|
parity
|
browser
|
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the c…
|
CWE-346
Origin Validation Error
|
CVE-2017-18016
|
2024-11-21 12:19 |
2018-01-12 |
|
249758
|
9.8 |
CRITICAL
Network
|
novosoft
|
handy_password
|
A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-17946
|
2024-11-21 12:19 |
2018-01-11 |
|
249759
|
6.1 |
MEDIUM
Network
|
avantfax
|
avantfax
|
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18024
|
2024-11-21 12:19 |
2018-01-11 |
|
249760
|
6.1 |
MEDIUM
Network
|
officetracker
|
officetracker
|
Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-18023
|
2024-11-21 12:19 |
2018-01-11 |
|