|
253321
|
8.8 |
HIGH
Network
|
genixcms
|
genixcms
|
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.
|
CWE-94
Code Injection
|
CVE-2017-14764
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253322
|
8.8 |
HIGH
Network
|
genixcms
|
genixcms
|
In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.
|
NVD-CWE-noinfo
|
CVE-2017-14763
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253323
|
6.1 |
MEDIUM
Network
|
genixcms
|
genixcms
|
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14762
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253324
|
6.1 |
MEDIUM
Network
|
genixcms
|
genixcms
|
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14761
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253325
|
9.8 |
CRITICAL
Network
|
eventespresso
|
event_espresso_lite
|
SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.…
|
CWE-89
SQL Injection
|
CVE-2017-14760
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253326
|
5.4 |
MEDIUM
Network
|
eyesofnetwork
|
eyesofnetwork
|
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to mod…
|
CWE-79
Cross-site Scripting
|
CVE-2017-14753
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253327
|
6.1 |
MEDIUM
Network
|
intensewp
|
wp_jobs
|
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
|
CWE-79
Cross-site Scripting
|
CVE-2017-14751
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253328
|
7.8 |
HIGH
Local
|
jerryscript
|
jerryscript
|
JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecog…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-14749
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253329
|
5.3 |
MEDIUM
Network
|
blizzard
|
overwatch
|
Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific t…
|
CWE-362
Race Condition
|
CVE-2017-14748
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253330
|
7.8 |
HIGH
Local
|
gnu
|
binutils
|
The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, w…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2017-14745
|
2024-11-21 12:13 |
2017-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
