|
251191
|
6.1 |
MEDIUM
Network
|
zohocorp
|
manageengine_password_manager_pro
|
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17698
|
2024-11-21 12:18 |
2017-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251192
|
5.1 |
MEDIUM
Local
|
hp
|
synaptics_touchpad_driver
|
A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.
|
CWE-200
Information Exposure
|
CVE-2017-17556
|
2024-11-21 12:18 |
2017-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251193
|
8.6 |
HIGH
Network
|
linuxfoundation
|
harbor
|
The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-17697
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251194
|
4.3 |
MEDIUM
Network
|
techno_-_portfolio_management_panel_project
|
techno_-_portfolio_management_panel
|
Techno - Portfolio Management Panel through 2017-11-16 allows full path disclosure via an invalid s parameter to panel/search.php.
|
CWE-200
Information Exposure
|
CVE-2017-17696
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251195
|
8.8 |
HIGH
Network
|
techno_-_portfolio_management_panel_project
|
techno_-_portfolio_management_panel
|
Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter.
|
CWE-89
SQL Injection
|
CVE-2017-17695
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251196
|
5.4 |
MEDIUM
Network
|
techno_-_portfolio_management_panel_project
|
techno_-_portfolio_management_panel
|
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-17694
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251197
|
4.3 |
MEDIUM
Network
|
techno_-_portfolio_management_panel_project
|
techno_-_portfolio_management_panel
|
Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.
|
CWE-862
Missing Authorization
|
CVE-2017-17693
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251198
|
8.8 |
HIGH
Network
|
videolan
debian
|
vlc_media_player
debian_linux
|
In VideoLAN VLC media player through 2.2.8, there is a type conversion vulnerability in modules/demux/mp4/libmp4.c in the MP4 demux module leading to a invalid free, because the type of a box may be …
|
CWE-416
Use After Free
|
CVE-2017-17670
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251199
|
8.8 |
HIGH
Network
|
gjots2_project
|
gjots2
|
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-inje…
|
CWE-74
Injection
|
CVE-2017-17535
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251200
|
8.8 |
HIGH
Network
|
mensis_project
|
mensis
|
uiutil.c in Mensis 0.0.080507 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection at…
|
CWE-74
Injection
|
CVE-2017-17534
|
2024-11-21 12:18 |
2017-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
