|
252451
|
6.5 |
MEDIUM
Network
|
synology
|
chat
|
Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-15886
|
2024-11-21 12:15 |
2017-12-29 |
|
|
|
|
252452
|
9.8 |
CRITICAL
Network
|
sistemagpweb
|
gpweb
|
Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allows remote attackers to view the password and user database.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-15877
|
2024-11-21 12:15 |
2017-12-19 |
|
|
|
|
252453
|
7.2 |
HIGH
Network
|
sistemagpweb
|
gpweb
|
Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2017-15876
|
2024-11-21 12:15 |
2017-12-19 |
|
|
|
|
252454
|
9.8 |
CRITICAL
Network
|
sistemagpweb
|
gpweb
|
SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.
|
CWE-89
SQL Injection
|
CVE-2017-15875
|
2024-11-21 12:15 |
2017-12-19 |
|
|
|
|
252455
|
8.8 |
HIGH
Network
|
apache
|
sling_authentication_service
|
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over …
|
CWE-200
Information Exposure
|
CVE-2017-15700
|
2024-11-21 12:15 |
2017-12-19 |
|
|
|
|
252456
|
4.8 |
MEDIUM
Network
|
synology
|
mailplus_server
|
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15890
|
2024-11-21 12:15 |
2017-12-16 |
|
|
|
|
252457
|
3.1 |
LOW
Network
|
nodejs
|
node.js
|
Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified. For example, 'Buffer.alloc(0x100, "This…
|
CWE-665
Improper Initialization
|
CVE-2017-15897
|
2024-11-21 12:15 |
2017-12-12 |
|
|
|
|
252458
|
9.1 |
CRITICAL
Network
|
nodejs
|
node.js
|
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application dat…
|
NVD-CWE-noinfo
|
CVE-2017-15896
|
2024-11-21 12:15 |
2017-12-12 |
|
|
|
|
252459
|
5.3 |
MEDIUM
Network
|
paloaltonetworks
|
pan-os
|
The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before …
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2017-15943
|
2024-11-21 12:15 |
2017-12-12 |
|
|
|
|
252460
|
7.5 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.13, and 8.0.x before 8.0.6 allows remote attackers to cause a denial of service via vectors related to the management in…
|
NVD-CWE-noinfo
|
CVE-2017-15942
|
2024-11-21 12:15 |
2017-12-12 |
|
|
|