|
251921
|
6.5 |
MEDIUM
Network
|
synology
|
surveillance_station
|
File and directory information exposure vulnerability in SYNO.SurveillanceStation.PersonalSettings.Photo in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to obtain…
|
CWE-200
Information Exposure
|
CVE-2017-16770
|
2024-11-21 12:16 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251922
|
5.4 |
MEDIUM
Network
|
synology
|
surveillance_station
|
Cross-site scripting (XSS) vulnerability in User Profile in Synology Surveillance Station before 8.1.2-5469 allows remote authenticated users to inject arbitrary web script or HTML via the userDesc p…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16767
|
2024-11-21 12:16 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251923
|
5.5 |
MEDIUM
Local
|
ox_project
|
ox
|
In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.
|
CWE-125
Out-of-bounds Read
|
CVE-2017-16229
|
2024-11-21 12:16 |
2018-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251924
|
5.3 |
MEDIUM
Network
|
synology
|
photo_station
|
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mo…
|
CWE-200
Information Exposure
|
CVE-2017-16769
|
2024-11-21 12:16 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251925
|
6.1 |
MEDIUM
Network
|
kubik-rubik
|
simple_image_gallery_extended
|
Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16356
|
2024-11-21 12:16 |
2018-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251926
|
7.8 |
HIGH
Local
|
smartbear
|
soapui
|
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
|
CWE-94
Code Injection
|
CVE-2017-16670
|
2024-11-21 12:16 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251927
|
8.8 |
HIGH
Network
|
userscape
|
helpspot
|
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker …
|
CWE-352
Origin Validation Error
|
CVE-2017-16756
|
2024-11-21 12:16 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251928
|
6.1 |
MEDIUM
Network
|
userscape
|
helpspot
|
An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected cross-site scripting vulnerability exists in the "return" parameter of the "index.php?pg=moderated" endpoint. It executes when …
|
CWE-79
Cross-site Scripting
|
CVE-2017-16755
|
2024-11-21 12:16 |
2018-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251929
|
9.8 |
CRITICAL
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The speci…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2017-16610
|
2024-11-21 12:16 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251930
|
7.5 |
HIGH
Network
|
netgain-systems
|
enterprise_manager
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. T…
|
CWE-200
Information Exposure
|
CVE-2017-16609
|
2024-11-21 12:16 |
2018-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
