|
249671
|
8.8 |
HIGH
Network
|
information-technology_promotion_agency
|
introduction_to_safe_website_operation
|
Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.
|
CWE-78
OS Command
|
CVE-2017-2128
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249672
|
5.4 |
MEDIUM
Network
|
yop-poll
|
yop_poll
|
Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2127
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249673
|
8.8 |
HIGH
Network
|
allied_telesis_k.k.
|
centrecom_ar260s_v2_firmware
|
Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.
|
NVD-CWE-noinfo
|
CVE-2017-2125
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249674
|
6.1 |
MEDIUM
Network
|
onethird
|
onethird_cms
|
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2124
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249675
|
6.1 |
MEDIUM
Network
|
onethird
|
onethird_cms
|
Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2123
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249676
|
7.2 |
HIGH
Network
|
wbce
|
wbce_cms
|
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2017-2120
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249677
|
8.6 |
HIGH
Network
|
wbce
|
wbce_cms
|
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2017-2119
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249678
|
6.1 |
MEDIUM
Network
|
wbce
|
wbce_cms
|
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2017-2118
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249679
|
4.9 |
MEDIUM
Network
|
cubecart
|
cubecart
|
Directory traversal vulnerability in CubeCart versions prior to 6.1.5 allows attacker with administrator rights to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2017-2117
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249680
|
4.3 |
MEDIUM
Network
|
cybozu
|
office
|
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2017-2116
|
2024-11-21 12:22 |
2017-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
