|
251151
|
4.8 |
MEDIUM
Network
|
paid_to_read_script_project
|
paid_to_read_script
|
Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17778
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251152
|
9.8 |
CRITICAL
Network
|
paid_to_read_script_project
|
paid_to_read_script
|
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.
|
CWE-287
Improper Authentication
|
CVE-2017-17777
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251153
|
5.3 |
MEDIUM
Network
|
paid_to_read_script_project
|
paid_to_read_script
|
Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.
|
CWE-200
Information Exposure
|
CVE-2017-17776
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251154
|
6.1 |
MEDIUM
Network
|
piwigo
|
piwigo
|
Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17775
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251155
|
8.8 |
HIGH
Network
|
piwigo
|
piwigo
|
admin/configuration.php in Piwigo 2.9.2 has CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2017-17774
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251156
|
6.1 |
MEDIUM
Network
|
mediaburst
|
booking_calendar_sms
clockwork_sms_notfications
contact_form_7_sms
fast_secure_contact_form_sms
formidable
gravity_forms
two-factor_authentication
wp_e-commerce
|
The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following Wo…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17780
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251157
|
7.5 |
HIGH
Network
|
liveqos
|
superbeam
|
SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to sen…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2017-17763
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251158
|
9.8 |
CRITICAL
Network
|
ichano
|
athome_ip_camera_firmware
|
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. Th…
|
NVD-CWE-noinfo
|
CVE-2017-17761
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251159
|
6.1 |
MEDIUM
Network
|
csv-import-export_project
|
csv-import-export
|
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17753
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251160
|
6.1 |
MEDIUM
Network
|
webdesi9
|
custom_map
|
A cross-site scripting (XSS) vulnerability in the custom-map plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter to view/advanceds…
|
CWE-79
Cross-site Scripting
|
CVE-2017-17744
|
2024-11-21 12:18 |
2017-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
