|
255041
|
7.5 |
HIGH
Network
|
open-emr
|
openemr
|
The csv_log_html function in library/edihistory/edih_csv_inc.php in OpenEMR 5.0.0 and prior allows attackers to bypass intended access restrictions via a crafted name.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2017-12064
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255042
|
6.1 |
MEDIUM
Network
|
connectwise
|
manage
|
services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafte…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11727
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255043
|
8.8 |
HIGH
Network
|
connectwise
|
manage
|
services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.
|
CWE-352
Origin Validation Error
|
CVE-2017-11726
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255044
|
8.8 |
HIGH
Network
|
techroutes
|
tr_1803-3g_firmware
|
Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filte…
|
CWE-352
Origin Validation Error
|
CVE-2017-11648
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255045
|
8.8 |
HIGH
Network
|
projeqtor
|
projeqtor
|
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated…
|
CWE-94
Code Injection
|
CVE-2017-11760
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255046
|
7.5 |
HIGH
Network
|
eapmd5pass_project
|
eapmd5pass
|
A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2017-11670
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255047
|
7.5 |
HIGH
Network
|
eapmd5pass_project
|
eapmd5pass
|
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11669
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255048
|
7.5 |
HIGH
Network
|
eapmd5pass_project
|
eapmd5pass
|
An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11668
|
2024-11-21 12:08 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255049
|
9.8 |
CRITICAL
Network
|
actian
|
pervasive_psql
zen
|
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client …
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2017-11757
|
2024-11-21 12:08 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255050
|
9.8 |
CRITICAL
Network
|
medhost
|
connex
|
MEDHOST Connex contains a hard-coded Mirth Connect admin credential that is used for customer Mirth Connect management access. An attacker with knowledge of the hard-coded credential and the ability …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11743
|
2024-11-21 12:08 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
