|
251721
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action.
|
CWE-89
SQL Injection
|
CVE-2017-16850
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251722
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do?method=viewDashBoard forpage parameter.
|
CWE-89
SQL Injection
|
CVE-2017-16849
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251723
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 allows SQL injection via the /manageConfMons.do groupname parameter.
|
CWE-89
SQL Injection
|
CVE-2017-16848
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251724
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a showPlasmaView action.
|
CWE-89
SQL Injection
|
CVE-2017-16847
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251725
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter.
|
CWE-89
SQL Injection
|
CVE-2017-16846
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251726
|
9.8 |
CRITICAL
Network
|
procmail
|
procmail
|
Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-16844
|
2024-11-21 12:17 |
2017-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251727
|
4.8 |
MEDIUM
Network
|
yoast
|
wordpress_seo
|
Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16842
|
2024-11-21 12:17 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251728
|
6.1 |
MEDIUM
Network
|
lansweeper
|
lansweeper
|
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16841
|
2024-11-21 12:17 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251729
|
7.8 |
HIGH
Local
|
trusted_boot_project
|
trusted_boot
|
Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not validated and can cause arbitrary code execution, which allows local users to overwrite dynamic PCRs of Trusted Platform Module…
|
CWE-20
Improper Input Validation
|
CVE-2017-16837
|
2024-11-21 12:17 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251730
|
6.1 |
MEDIUM
Network
|
commscope
|
arris_tg1682g_firmware
|
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16836
|
2024-11-21 12:17 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
