|
252641
|
8.8 |
HIGH
Network
|
phpmyfaq
|
phpmyfaq
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-15731
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252642
|
8.8 |
HIGH
Network
|
phpmyfaq
|
phpmyfaq
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
|
CWE-352
Origin Validation Error
|
CVE-2017-15730
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252643
|
8.8 |
HIGH
Network
|
phpmyfaq
|
phpmyfaq
|
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
|
CWE-352
Origin Validation Error
|
CVE-2017-15729
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252644
|
4.8 |
MEDIUM
Network
|
phpmyfaq
|
phpmyfaq
|
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15728
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252645
|
5.4 |
MEDIUM
Network
|
phpmyfaq
|
phpmyfaq
|
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15727
|
2024-11-21 12:15 |
2017-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252646
|
6.1 |
MEDIUM
Network
|
craftercms
|
crafter_cms
|
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15682
|
2024-11-21 12:14 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252647
|
9.8 |
CRITICAL
Network
|
craftercms
|
crafter_cms
|
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.
|
CWE-22
Path Traversal
|
CVE-2017-15681
|
2024-11-21 12:14 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252648
|
6.5 |
MEDIUM
Network
|
craftercms
|
crafter_cms
|
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
|
CWE-862
Missing Authorization
|
CVE-2017-15680
|
2024-11-21 12:14 |
2020-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252649
|
5.3 |
MEDIUM
Network
|
redhat
|
cloudforms_management_engine
|
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potenti…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2017-15123
|
2024-11-21 12:14 |
2019-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252650
|
5.5 |
MEDIUM
Local
|
artifex
|
ghostscript
|
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected…
|
CWE-200
Information Exposure
|
CVE-2017-15652
|
2024-11-21 12:14 |
2019-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
