|
255741
|
5.3 |
MEDIUM
Network
|
pysaml2_project
|
pysaml2
|
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2017-1000246
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255742
|
9.8 |
CRITICAL
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-1000237
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255743
|
6.1 |
MEDIUM
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed i…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000236
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255744
|
9.8 |
CRITICAL
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
|
CWE-78
OS Command
|
CVE-2017-1000235
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255745
|
5.3 |
MEDIUM
Network
|
i-librarian
|
i_librarian
|
I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter
|
CWE-200
Information Exposure
|
CVE-2017-1000234
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255746
|
9.8 |
CRITICAL
Network
|
nlnetlabs
|
ldns
|
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
|
CWE-415
Double Free
|
CVE-2017-1000232
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255747
|
9.8 |
CRITICAL
Network
|
nlnetlabs
|
ldns
|
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
|
CWE-415
Double Free
|
CVE-2017-1000231
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255748
|
8.1 |
HIGH
Network
|
open-emr
|
openemr
|
The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view an…
|
CWE-269
Improper Privilege Management
|
CVE-2017-1000241
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255749
|
5.4 |
MEDIUM
Network
|
open-emr
|
openemr
|
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote auth…
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000240
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255750
|
5.4 |
MEDIUM
Network
|
invoiceplane
|
invoiceplane
|
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of …
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000239
|
2024-11-21 12:04 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
