|
258771
|
6.1 |
MEDIUM
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11195
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258772
|
6.1 |
MEDIUM
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and i…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11194
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258773
|
8.8 |
HIGH
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These …
|
CWE-352
Origin Validation Error
|
CVE-2017-11193
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258774
|
7.8 |
HIGH
Local
|
rarzilla
|
unrar-free
|
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspeci…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11190
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258775
|
6.5 |
MEDIUM
Network
|
rarzilla
|
unrar-free
|
unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code …
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-11189
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258776
|
7.5 |
HIGH
Network
|
imagemagick
|
imagemagick
|
The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check.
|
CWE-834
Excessive Iteration
|
CVE-2017-11188
|
2024-11-21 12:07 |
2017-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258777
|
9.8 |
CRITICAL
Network
|
phpmyfaq
|
phpmyfaq
|
phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2017-11187
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258778
|
9.8 |
CRITICAL
Network
|
finecms_project
|
finecms
|
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo(…
|
CWE-94
Code Injection
|
CVE-2017-11167
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258779
|
9.8 |
CRITICAL
Network
|
datataker
|
dt80_dex_firmware
|
dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.
|
CWE-200
Information Exposure
|
CVE-2017-11165
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258780
|
5.4 |
MEDIUM
Network
|
fairsketch
|
rise_ultimate_project_manager
|
In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11182
|
2024-11-21 12:07 |
2017-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
