| 250871 | 5.5 | MEDIUM Local | silverstripe | silverstripe | In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before 3.6.3, and 4.x before 4.0.1, it's possible for the output to contain macros and scripts, which may be executed if imported without… | CWE-74 Injection | CVE-2017-18049 | 2024-11-21 12:19 | 2018-01-23 |
| 250872 | 8.8 | HIGH Network | monstra | monstra | Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads to remote command execution on the server, for example because .php (lowercase) is blocked but .PHP (uppercase) is not. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2017-18048 | 2024-11-21 12:19 | 2018-01-23 |
| 250873 | 9.8 | CRITICAL Network | labf | nfsaxe | Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-18047 | 2024-11-21 12:19 | 2018-01-22 |
| 250874 | 9.8 | CRITICAL Network | dasannetworks | h640x_firmware | Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 2.77p1-1124 and 3.03p2-1146 devices allows remote attackers to execute arbitrary code via a long POST request to the login_action funct… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-18046 | 2024-11-21 12:19 | 2018-01-22 |
| 250875 | 9.8 | CRITICAL Network | directadmin | directadmin | JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request. | NVD-CWE-noinfo | CVE-2017-18045 | 2024-11-21 12:19 | 2018-01-21 |
| 250876 | 9.8 | CRITICAL Network | commvault | commvault | A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate th… | CWE-78 OS Command | CVE-2017-18044 | 2024-11-21 12:19 | 2018-01-20 |
| 250877 | 6.5 | MEDIUM Network | atlassian | jira | The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (C… | CWE-352 Origin Validation Error | CVE-2017-18033 | 2024-11-21 12:19 | 2018-01-18 |
| 250878 | 4.8 | MEDIUM Network | pulsesecure | pulse_connect_secure | A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Pol… | CWE-79 Cross-site Scripting | CVE-2017-17947 | 2024-11-21 12:19 | 2018-01-17 |
| 250879 | 6.1 | MEDIUM Network | wpdownloadmanager | wordpress_download_manager | The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. | CWE-79 Cross-site Scripting | CVE-2017-18032 | 2024-11-21 12:19 | 2018-01-16 |
| 250880 | 6.5 | MEDIUM Network | imagemagick canonical | imagemagick ubuntu_linux | In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows remote attackers to cause a denial of service via a crafted file. | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2017-18029 | 2024-11-21 12:19 | 2018-01-13 |