|
254771
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14241
|
2024-11-21 12:12 |
2017-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254772
|
7.5 |
HIGH
Network
|
dolibarr
|
dolibarr
|
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.
|
CWE-200
Information Exposure
|
CVE-2017-14240
|
2024-11-21 12:12 |
2017-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254773
|
5.4 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) …
|
CWE-79
Cross-site Scripting
|
CVE-2017-14239
|
2024-11-21 12:12 |
2017-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254774
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr
|
SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the menuId parameter.
|
CWE-89
SQL Injection
|
CVE-2017-14238
|
2024-11-21 12:12 |
2017-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254775
|
5.3 |
MEDIUM
Network
|
genixcms
|
genixcms
|
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> user…
|
CWE-20
Improper Input Validation
|
CVE-2017-14231
|
2024-11-21 12:12 |
2017-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254776
|
9.1 |
CRITICAL
Network
|
cyrus
|
imap
|
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow re…
|
CWE-20
Improper Input Validation
|
CVE-2017-14230
|
2024-11-21 12:12 |
2017-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254777
|
7.5 |
HIGH
Network
|
jasper_project
|
jasper
|
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2017-14229
|
2024-11-21 12:12 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254778
|
5.5 |
MEDIUM
Local
|
nasm
canonical
|
netwide_assembler
ubuntu_linux
|
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-14228
|
2024-11-21 12:12 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254779
|
7.5 |
HIGH
Network
|
mongodb
|
mongodb
|
In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-iter.c miscalculates a bson_utf8_validate length argument, which allows remote attackers to cause a denial of service (heap-based b…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14227
|
2024-11-21 12:12 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
254780
|
7.5 |
HIGH
Network
|
libreoffice
libwpd
|
libreoffice
libwpd
|
WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read …
|
CWE-125
Out-of-bounds Read
|
CVE-2017-14226
|
2024-11-21 12:12 |
2017-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
