| ID | CVSS | Severity | Attack Vector | Vendor(s) | Product(s) | Description | CWE | CWE Name | CVE | Modified | Published | References |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 256771 | 5.4 | MEDIUM | Network | plone | plone | A member of a Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile and have it executed when a visitor clicks the home page link on the author page. | CWE-79 | Cross-site Scripting | CVE-2017-1000482 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256772 | 9.8 | CRITICAL | Network | smarty | smarty | Smarty 3 before 3.1.32 is vulnerable to PHP code injection when calling the fetch() or display() functions on custom resources that do not sanitize the template name. | CWE-94 | Code Injection | CVE-2017-1000480 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256773 | 6.1 | MEDIUM | Network | plone | plone | When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL. After you log in, you get redirected to the page you t… | CWE-601 | Open Redirect | CVE-2017-1000481 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256774 | 8.8 | HIGH | Network | opnsense_project, netgate | opnsense, pfsense | pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page, resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Fram… | CWE-352 | Origin Validation Error | CVE-2017-1000479 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256775 | 5.4 | MEDIUM | Network | elabftw | elabftw | eLabFTW version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component, resulting in arbitrary execution of JavaScript and denial of service. | CWE-79 | Cross-site Scripting | CVE-2017-1000478 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256776 | 7.5 | HIGH | Network | xmlbundle_project | xmlbundle | XMLBundle version 0.1.7 is vulnerable to XXE attacks, which can result in denial of service. | CWE-611 | XXE | CVE-2017-1000477 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256777 | 6.5 | MEDIUM | Network | imagemagick, debian, canonical | imagemagick, debian_linux, ubuntu_linux | In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | CWE-400 | Uncontrolled Resource Consumption | CVE-2017-1000476 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256778 | 6.5 | MEDIUM | Network | mautic, acquia | mautic | Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user… | CWE-22 | Path Traversal | CVE-2017-1000490 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256779 | 8.1 | HIGH | Network | mautic, acquia | mautic | Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using an email address. | CWE-287 | Improper Authentication | CVE-2017-1000489 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |
| 256780 | 6.1 | MEDIUM | Network | mautic, acquia | mautic | Mautic versions 2.1.0 - 2.11.0 are vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page that uses GET parameters to pre-populate the form. | CWE-79 | Cross-site Scripting | CVE-2017-1000488 | 2024-11-21 12:04 | 2018-01-04 | GitHub, Exploit DB, Packet Storm |