|
252971
|
6.1 |
MEDIUM
Network
|
wpjobboard
|
wpjobboard
|
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15375
|
2024-11-21 12:14 |
2017-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252972
|
6.1 |
MEDIUM
Network
|
shopware
|
shopware
|
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script c…
|
CWE-79
Cross-site Scripting
|
CVE-2017-15374
|
2024-11-21 12:14 |
2017-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252973
|
7.8 |
HIGH
Local
|
cpuid
|
cpu-z
|
In CPUID CPU-Z through 1.81, there are improper access rights to a kernel-mode driver (e.g., cpuz143_x64.sys for version 1.43) that can result in information disclosure or elevation of privileges, be…
|
NVD-CWE-noinfo
|
CVE-2017-15302
|
2024-11-21 12:14 |
2017-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252974
|
7.5 |
HIGH
Network
|
mirasys
|
video_management_system
|
Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5.15, and 8.x before 8.1.1 has a login process in which cleartext data is sent from a server to a client, and not all of this data…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2017-15290
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252975
|
6.1 |
MEDIUM
Network
|
bouqueteditor_project
|
bouqueteditor
|
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
|
CWE-79
Cross-site Scripting
|
CVE-2017-15287
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252976
|
7.5 |
HIGH
Network
|
qemu
|
qemu
|
Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-15268
|
2024-11-21 12:14 |
2017-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252977
|
8.8 |
HIGH
Network
|
opentext
|
documentum_content_server
|
OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Ser…
|
CWE-22
Path Traversal
|
CVE-2017-15276
|
2024-11-21 12:14 |
2017-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252978
|
7.5 |
HIGH
Network
|
sqlite
|
sqlite
|
SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never in…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-15286
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252979
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened …
|
CWE-79
Cross-site Scripting
|
CVE-2017-15284
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252980
|
8.8 |
HIGH
Network
|
imagemagick
canonical
|
imagemagick
ubuntu_linux
|
ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-15281
|
2024-11-21 12:14 |
2017-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
