|
255901
|
5.4 |
MEDIUM
Network
|
finecms_project
|
finecms
|
application/core/controller/images.php in FineCMS through 2017-07-12 allows remote authenticated admins to conduct XSS attacks by uploading an image via a route=images action.
|
CWE-79
Cross-site Scripting
|
CVE-2017-11201
|
2024-11-21 12:07 |
2017-07-13 |
|
255902
|
8.8 |
HIGH
Network
|
finecms_project
|
finecms
|
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.
|
CWE-89
SQL Injection
|
CVE-2017-11200
|
2024-11-21 12:07 |
2017-07-13 |
|
255903
|
6.1 |
MEDIUM
Network
|
finecms_project
|
finecms
|
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or nam…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11198
|
2024-11-21 12:07 |
2017-07-13 |
|
255904
|
8.1 |
HIGH
Network
|
heimdal_project freebsd samba apple debian
|
heimdal freebsd samba mac_os_x iphone_os debian_linux
|
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-11103
|
2024-11-21 12:07 |
2017-07-13 |
|
255905
|
9.8 |
CRITICAL
Network
|
xoops
|
xoops
|
In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8.1, unfiltered data passed to CREATE and ALTER SQL queries caused SQL Injection in the database settings page, related to use of …
|
CWE-89
SQL Injection
|
CVE-2017-11174
|
2024-11-21 12:07 |
2017-07-13 |
|
255906
|
8.8 |
HIGH
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malici…
|
CWE-352
Origin Validation Error
|
CVE-2017-11196
|
2024-11-21 12:07 |
2017-07-13 |
|
255907
|
6.1 |
MEDIUM
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11195
|
2024-11-21 12:07 |
2017-07-13 |
|
255908
|
6.1 |
MEDIUM
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and i…
|
CWE-79
Cross-site Scripting
|
CVE-2017-11194
|
2024-11-21 12:07 |
2017-07-13 |
|
255909
|
8.8 |
HIGH
Network
|
pulsesecure
|
pulse_connect_secure
|
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These …
|
CWE-352
Origin Validation Error
|
CVE-2017-11193
|
2024-11-21 12:07 |
2017-07-13 |
|
255910
|
7.8 |
HIGH
Local
|
rarzilla
|
unrar-free
|
unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspeci…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11190
|
2024-11-21 12:07 |
2017-07-13 |