|
255441
|
7.5 |
HIGH
Network
|
basercms
|
basercms
|
baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to delete arbitrary files via unspecified vectors when the "File" field is being used in the mail form.
|
NVD-CWE-noinfo
|
CVE-2017-10843
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255442
|
9.8 |
CRITICAL
Network
|
basercms
|
basercms
|
SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2017-10842
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255443
|
4.9 |
MEDIUM
Network
|
webcalendar_project
|
webcalendar
|
Directory traversal vulnerability in WebCalendar 1.2.7 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2017-10841
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255444
|
6.1 |
MEDIUM
Network
|
webcalendar_project
|
webcalendar
|
Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10840
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255445
|
8.8 |
HIGH
Network
|
seopanel
|
seo_panel
|
SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2017-10839
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255446
|
6.1 |
MEDIUM
Network
|
seopanel
|
seo_panel
|
Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10838
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255447
|
6.1 |
MEDIUM
Network
|
backup-guard
|
backup_guard
|
Cross-site scripting vulnerability in BackupGuard prior to version 1.1.47 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-10837
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255448
|
7.8 |
HIGH
Local
|
optim
|
optimal_guard
|
Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
|
CWE-426
Untrusted Search Path
|
CVE-2017-10836
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255449
|
8.8 |
HIGH
Network
|
nippon-antenna
|
scr02hd_firmware
|
"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors.
|
CWE-94
Code Injection
|
CVE-2017-10835
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255450
|
6.5 |
MEDIUM
Network
|
nippon-antenna
|
scr02hd_firmware
|
Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2017-10834
|
2024-11-21 12:06 |
2017-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
