| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 251691 | 5.4 | MEDIUM | Network | horde | groupware | In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the … | CWE-79 Cross-site Scripting | CVE-2017-16908 | 2024-11-21 12:17 | 2017-11-21 |
| 251692 | 5.4 | MEDIUM | Network | horde | groupware | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | CWE-79 Cross-site Scripting | CVE-2017-16907 | 2024-11-21 12:17 | 2017-11-21 |
| 251693 | 5.4 | MEDIUM | Network | horde | groupware | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | CWE-79 Cross-site Scripting | CVE-2017-16906 | 2024-11-21 12:17 | 2017-11-21 |
| 251694 | 6.1 | MEDIUM | Network | lvyecms_project | lvyecms | The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator. | CWE-79 Cross-site Scripting | CVE-2017-16904 | 2024-11-21 12:17 | 2017-11-21 |
| 251695 | 9.8 | CRITICAL | Network | lvyecms_project | lvyecms | LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, wit… | CWE-22 Path Traversal | CVE-2017-16903 | 2024-11-21 12:17 | 2017-11-21 |
| 251696 | 7.5 | HIGH | Network | vonage | vdv-23_firmware | On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-16902 | 2024-11-21 12:17 | 2017-11-21 |
| 251697 | 7.1 | HIGH | Local | xfig_project, debian | xfig, debian_linux | An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to… | CWE-129 Improper Validation of Array Index | CVE-2017-16899 | 2024-11-21 12:17 | 2017-11-21 |
| 251698 | 5.5 | MEDIUM | Local | libming | libming | The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a dif… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2017-16898 | 2024-11-21 12:17 | 2017-11-21 |
| 251699 | 9.8 | CRITICAL | Network | tt-rss | tiny_tiny_rss | A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. | CWE-89 SQL Injection | CVE-2017-16896 | 2024-11-21 12:17 | 2017-11-21 |
| 251700 | 7.5 | HIGH | Network | laravel | laravel | In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Larav… | CWE-200 Information Exposure | CVE-2017-16894 | 2024-11-21 12:17 | 2017-11-20 |