|
252571
|
6.1 |
MEDIUM
Network
|
easy_appointments_project
|
easy_appointments
|
The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a Settings values in the admin panel.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15812
|
2024-11-21 12:15 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252572
|
5.4 |
MEDIUM
Network
|
pootlepress
|
pootle_button
|
The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15811
|
2024-11-21 12:15 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252573
|
6.1 |
MEDIUM
Network
|
popcash
|
popcash.net_code_integration_tool
|
The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress has XSS via the tab parameter to wp-admin/admin.php.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15810
|
2024-11-21 12:15 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252574
|
6.1 |
MEDIUM
Network
|
phpmyfaq
|
phpmyfaq
|
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15809
|
2024-11-21 12:15 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252575
|
8.8 |
HIGH
Network
|
phpmyfaq
|
phpmyfaq
|
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-15808
|
2024-11-21 12:15 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252576
|
7.5 |
HIGH
Network
|
cisco
|
small_business_sa520_firmware
small_business_sa540_firmware
|
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.
|
CWE-22
Path Traversal
|
CVE-2017-15805
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252577
|
6.1 |
MEDIUM
Network
|
logitech
|
media_server
|
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15687
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252578
|
9.8 |
CRITICAL
Network
|
gnu
|
glibc
|
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15804
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252579
|
7.8 |
HIGH
Local
|
xnview
|
xnview
|
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x000000…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15789
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252580
|
7.8 |
HIGH
Local
|
xnview
|
xnview
|
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x000000…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15788
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
